South Carolina Eyes Age-Appropriate Design: What H4842 Means for Your Child’s Online Safety
February 23, 2024 by Jacob Flowers
It isn’t often that South Carolina is featured at the forefront of data privacy legislation news, but online child safety has taken center stage at the South Carolina Statehouse with the introduction of House Bill 4842, the “South Carolina Age-Appropriate Design Code Act.” This legislation draws inspiration from California and other states’ ongoing efforts to establish similar protections, and it’s crucial for South Carolina business and consumers to understand both the potential impact and the historical context surrounding this bill.
California’s Pioneering Efforts:
California’s Age-Appropriate Design Code Act (CAADCA), the model for H 4842 and originally inspired by a similar law in the United Kingdom, remains under debate after it was recently blocked by a California federal judge, citing free speech concerns. Despite its legal difficulties, it sparked national conversations about how technology companies should approach the ways in which they offer online experiences to children.
While the CAADCA is enjoined by federal litigation for the time being, California policymakers have initiated a new legislative effort to expand protections for child online privacy and safety. On January 29, 2024, California Attorney General Rob Bonta along with Assembly member Buffy Wicks and State Senator Nancy Skinner announced two new major legislative proposal: California Children’s Data Privacy Act (AB 1949) and the Protecting Youth from Social Media Addiction Act (SB 976), both of which were inspired by similar laws passed in New York.
The legal challenges to the CAADCA have acted as guardrails to other states as they draft their own Age-Appropriate Design Code laws. New Mexico, Virginia, Maryland, Vermont, and Hawaii have all introduced their own modified versions of the CAADCA, including South Carolina’s own bill, H 4842.
H 4842: Demystifying the Key Provisions:
H 4842 establishes a framework for online platforms, defined as “covered entities,” to prioritize children’s best interests in the design of their platforms and in their data management practices. It addresses multiple aspects of online child safety, including:
- Prohibited Practices: H 4842 outlaws specific design features and data collection methods deemed manipulative or harmful to children. This includes banning “dark patterns” in online platform design that pressure unwanted actions (e.g. aggressive cookie permission pop-ups), curbing addictive design elements, and restricting targeted advertising based on children’s data.
- Data Privacy Standards: The bill mandates robust data privacy standards for children’s information. This includes limitations on what data can be collected, how it’s used, and with whom it’s shared; as well as mandating that all default privacy settings provided to children offer a high level of privacy. Additionally, companies are required to maintain strong security measures to protect this sensitive data.
- Enforcement Mechanisms: H 4842 proposes mechanisms to hold covered entities accountable for violations. The South Carolina Attorney General would be empowered to demand the production of a business’s data protection impact assessments (DPIA), to assess civil penalties and fees, and to petition South Carolina courts for injunctive relief to enjoin any business practice that violates the Act.
Legal Landscape and Potential Impact:
While H 4842’s intent is clear, its legal implications require careful analysis. Key considerations include:
- Federal Preemption: Existing federal laws, like the Children’s Online Privacy Protection Act (COPPA), govern aspects of online child safety. COPPA is enforced by the Federal Trade Commission (FTC), which just recently proposed strengthening COPPA to further limit companies’ abilities to monetize children’s data. While such proposed COPPA changes have a long way to go until they are enacted, any state-level legislation would need to ensure that its provisions are complementary to federal standards.
- First Amendment Considerations: Balancing children’s protection with freedom of expression online necessitates careful assessment. Fortunately, H 4842 and other state’s Age-Appropriate Design Code bills have been drafted to assuage many of the First Amendment concerns felt by critics of California’s CAADCA.
- Compliance Burdens and Industry Impact: The feasibility of implementing the proposed requirements and their potential impact on platform functionalities and innovation demand thorough evaluation. Businesses who would qualify as “covered entities” under H 4842 should consult with legal counsel to ensure their platforms are compliant.
Next Steps: Informed Dialogue and Legislative Refinement:
H 4842 was introduced on January 16, 2024, and has since been referred to the House Judiciary Committee, where it now awaits debate. As H 4842 navigates the legislative process, informed dialogue and robust analysis are essential. Stakeholders, including legal experts, technology companies, and child advocacy groups, must engage in constructive discussions to:
- Identify potential legal challenges and propose solutions that ensure compliance with existing legal frameworks.
- Analyze the impact on free speech and explore approaches that safeguard children without unduly restricting online expression.
- Assess industry burdens and work towards feasible implementation mechanisms that minimize negative impacts on innovation.
By focusing on the balancing act between protection and expression, South Carolina can craft a practical Age-Appropriate Design Code that effectively protects children online while navigating the complex legal and technological landscape. H 4842, while in its early stages, presents a significant opportunity to contribute to the national conversation on online child safety and create substantial momentum for additional (and necessary) consumer privacy legislation in the future.
Disclaimer: This blog post is not a substitute for legal advice. Please consult with an attorney for specific questions.
About Jacob Flowers
Jacob A. Flowers, JD, CIPP/US, practices in the Construction, Products Liability, and Trucking Defense groups and serves as chair of the Privacy, Data Management, and Cybersecurity practice group at Collins & Lacy. As a Certified Information Privacy Professional (CIPP/US), Jacob utilizes specialized knowledge of the legal framework and challenges of state, federal, and international privacy laws and regulations serve as a trusted advisor to clients in matters related to privacy, security, and information management issues, including privacy program management regulatory compliance, data management, and privacy-related litigation.