Calif. Assembly Panel Slaps on Industry Objections to Opt-Out, Kids Safety Bills

Earlier at the hearing, committee members voiced frustration with the industry lawsuit that defeated California’s age-appropriate design code as they supported a new kids social media bill (AB-2). The committee also advanced a government privacy bill (AB-1337).

The California Privacy Protection Agency supports AB-556 to make it easier for consumers to exercise their privacy rights, said Maureen Mahoney, CPPA deputy director of policy and legislation, at the Assembly Privacy hearing. "We are concerned about consumer access to these signals,” she said: “Some of the biggest browsers," including Google Chrome, Apple Safari and Microsoft Edge, don't support global opt-out signals.

Browsers with universal opt-out mechanisms include Brave, DuckDuckGo and Mozilla Firefox. Shivan Kaul Sahib, Brave vice president of privacy and security, testified that it “took our small team just a few days to implement” the Global Privacy Control, a type of opt-out mechanism. "There is no technical barrier here,” he added. Other supporters include Common Sense, Consumer Reports, Oakland Privacy, the Electronic Frontier Foundation, and Privacy Rights Clearinghouse.

However, the California Chamber of Commerce disagreed. Mandating global opt-out controls "creates significant compliance questions,” said Policy Advocate Ronak Daylami.

Plus, including mobile OS requirements -- even with the bill requiring a CPPA rulemaking for those specific rules -- is “still directly contrary” to Democratic Gov. Gavin Newsom’s veto of last year’s version of the bill, said the CalChamber lobbyist. Newsom opposed the bill covering mobile OS makers. Daylami added that legislators, not the agency, should write the specific rules. Other opponents included TechNet, the Computer & Communications Industry Associations and some other industry groups.

However, Assemblymember Carl DeMaio (R) scolded industry as he supported the bill. "It is absolutely unacceptable, some of the complicated and hidden ways that you are providing your users with an opt-out feature." DeMaio hears the compliance concerns, "but if industry doesn't clean up its act, then we're going to have to have legislative remedies."

Assemblymember Cottie Petrie-Norris (D) chose not to vote on the bill. She wondered aloud why it’s necessary to require all browsers to support the feature if consumers can switch to alternatives.

AB-556 sponsor and Assemblymember Josh Lowenthal (D) argued that accessing privacy rights through browsers is too burdensome and time-consuming for consumers who are already overwhelmed.

AADC Fallout

Meanwhile, the Privacy Committee voted 9-0 to send the kids social media bill to the Judiciary Committee. Another Lowenthal bill, AB-2, is the same as last year's AB-3172, which would have established civil penalties for a big social media platform that “breaches its responsibility of ordinary care and skill to a child” younger than 18. That legislation passed the Assembly but was never considered for a floor vote in the Senate (see 2409030021).

Committee Chair Rebecca Bauer-Kahan (D) said the “ideal approach” to protect kids was the California Age-Appropriate Design Code (AADC) Act, but a federal court blocked it (see 2503140063). Companies should have voluntarily implemented AADC requirements long ago, said the chair. "They not only chose not to do those things. They sued on the bill and won so that they wouldn't have to protect our kids. They are choosing to run platforms in a way that harms our kids because our kids are a commodity to them."

TechNet and EFF were the primary witnesses opposing AB-3172 at the hearing. Petrie-Norris pressed TechNet on what it would support, if not this or previous proposals on children’s online safety. TechNet Executive Director-California Robert Boykin said he didn’t have a specific answer. Becca Cramer, lobbying for EFF, noted that strengthening privacy protections for everyone online, regardless of age, could reduce many of the harms for children.

DeMaio and Petrie-Norris raised concerns about the bill containing a private right of action. That could lead to “shakedown lawsuits” and “frivolous litigation,” said DeMaio, suggesting that enforcement be narrowed to public prosecutors. Committing to continued talks about the right approach, Lowenthal noted that last year the Senate Judiciary Committee made that change to enforcement when it amended the Assembly-passed bill.

Additionally, the Privacy Committee voted 12-1 to clear AB-1337 and send it to the Appropriations Committee. The bill would update the Information Practices Act of 1977, including by harmonizing its definitions of personal and sensitive information with the CCPA, and by expanding its application to include local governments, not just state agencies. While a counties league raised concerns at the hearing, the bill received support from consumer advocates, including EFF, Oakland Privacy and the Center for Democracy and Technology.

Assemblymember Joe Patterson (R) supported the bill for seeking to expand the government privacy law to cover localities. He said it's wrong to think of local government as “small government.”