The California legislature’s sweeping attempt to ramp up online protections for children covers a lot of ground, but critics say it’s too broad. Credit: Polygraphus / Getty Images A proposed California law which passed the state senate this week could drastically boost online privacy protection for minors, but major platforms like Google and Meta have called the bill “too broad,” warning that the work involved in complying with the law would be onerous and have unintended consequences.The essence of the bill, called the California Age-Appropriate Design Code Act, is that tech companies that collect data on children would be required to treat that data differently than data on other users, and to enact a range of other safeguards designed to protect children’s privacy when using online platforms.Among the bill’s specific provisions are requirements that all optional privacy settings be set to their highest values by default for child users, all privacy information and terms of service be presented in language easy for children to understand, and to complete a data protection impact assessment before adding new services or features, to ensure that those services won’t result in harm to children.“As children spend more of their time interacting with the online world, the impact of the design of online products and services on children’s well-being has become a focus of significant concern,” the bill stated. “There is bipartisan agreement at the international level, in both the United States and in the State of California, that more needs to be done to create a safer online space for children to learn, explore, and play.” Critics predict unnecessary regulatory overheadThe measure is not without its critics – the California Chamber of Commerce, along with industry groups that include Google, Apple and Amazon, wrote a letter to state legislators in June, saying that the bill’s focus is over-broad and likely to create regulatory overhead for companies that the bill did not intend to target.“’Likely to be accessed by a child’ is an overinclusive standard and would capture far more websites and platforms than necessary and subject them to this bill’s requirements,” the letter read in part. “It is also an unfamiliar standard that will present problems for companies trying to determine whether they are in the scope of the bill.” Child privacy act to have broad impactAccording to Dan Novack, chair of the New York state bar commission on media law, whatever the bill’s specific effects on regulated companies are, they’re likely to be felt widely, as California is essentially the “highest common denominator” among U.S. states where privacy is concerned.“California is so big and services so many people,” he said. “It’s unlikely that most businesses will want to geo-filter California kids,” which means that largely everyone will move to comply with the measure, should California Governor Gavin Newsome sign it into law.What form that compliance takes can be complex as well – huge platforms like Facebook and Google will devise their own solutions and assert compliance, but Novack said that the terms of the proposed law are quite broad, and that different companies will move to comply with the law in different ways.“To me, the obvious concern is all the language about ‘the best interest of the child,’” he said, noting that such language is vague. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe