California’s Video Game Data Collection Law: A Step Too Far?
California’s legislature has generally prided itself on pushing the forefront of consumer privacy. As I discussed in a previous post, a few of California’s legislators are even venturing into the realm of neurorights. The latest in its legislative efforts, AB-2529, seeks to protect minors by prohibiting social media platforms and video games from collecting their personal information. However, several imprecisions and redundancies call into question the necessity and effectiveness of this bill.
As the Legislative Counsel’s Digest for the bill explains, the California Consumer Privacy Act of 2018 (CCPA) and the California Age-Appropriate Design Code Act already establish comprehensive protections for minors’ data. Under the CCPA, businesses are prohibited from selling or sharing the personal information of minors under 16 years of age without explicit consent from the minor’s guardian. Additionally, the Age-Appropriate Design Code Act limits the collection of personal information to what is necessary for the functionality of an online service likely to be accessed by children.
What is curious about AB-2529, especially regarding video games, is that the bill targets a specific product instead of the businesses behind it. That certainly departs from the norm with CCPA-styled regulations, which concern businesses with certain characteristics, such as revenue size.
Beyond this, AB-2529 has questionable utility, given the legislation already in place. The preexisting framework addresses most of the concerns about children’s data that Ab-2529 aims to tackle, such as the sale and dissemination of data collected from, say, ten-year-olds.
The Age-Appropriate Design Code Act mandates that businesses offering online services likely to be accessed by children must design their services with children’s best interests in mind. Businesses are to minimize data collection and ensure that any data collected is necessary for the child’s engagement with the service.
The current law allows parents and guardians more leeway to manage and authorize data collection for their minors than AB-2529 would. This is highlighted by the fact that AB-2529 would raise the age of data protection from 16 to 18. Exempting anyone under 18 fails to account for how teenagers interact with digital products compared to younger children. Adolescents can have a greater understanding of digital interactions and terms of service tradeoffs, which makes a one-size-fits-all approach less reasonable.
Fear of social media platforms, too, seems to be partially motivating such a bill. In a previous article on the Canadian government’s efforts to save the children from “online harms,” Francis Crescia makes the astute point that “And social media companies have their own set of robust rules and censor users for the slightest offense.”
Fear-driving legislation should not overshadow the measures already in place by social media and current law. A heavier-handed approach certainly risks stifling the very platforms that offer significant opportunities for communication, learning, safe entertainment and community building.