California Minor Online Privacy Law Explained

A recent law to pass in California increases online privacy for minors. Specifically, Senate Bill 568 permits minors to permanently delete their Internet posts from websites such as Facebook, Twitter, and the like, and additionally, requires those website owners to provide that erasing feature.

The law, which will take full effect in January 2015, aims to protect children and adolescents under the age of 18 from living with the harmful consequences that misguided pictures, videos, and text can carry for years to come. For example, an increasing number of college admissions officers and potential employers check social media sites as part of the application process. Thus, evidence of immature behavior could prevent minors from getting into a school or landing a job.

In addition to mandating that websites provide a permanent delete feature for unwanted content, the bill also requires websites that are specifically directed to minors to ban advertisements featuring harmful products, such as alcohol, firearms, and other restricted products. This prohibition also applies to general interest websites when the site owner has actual knowledge that the user is under 18-years-old.

There are, however, a few caveats to the new legislation. For instance, a website owner is not required to erase content which has previously been re-posted by a third party before a minor took action to remove it. Moreover, the bill doesn’t guarantee complete removal of unwanted content, the eraser option is only available to the minor who originally posted the content, and websites are not required to delete the information from its data servers.

While the new legislation has many supporters, there are groups that find faults in the proposed plan. One challenge being that as California is the first and only state to require websites to provide this service, it will force web owners, who are unbound by state lines, to collaborate policies in order to comply with each state’s differing laws. Notably, challengers of the bill also maintain that online content can sometimes serve as evidence of a crime, and that the ability to permanently delete culpable content risks interfering with identifying ownership of that crime.

If you see a privacy lawyer, contact the expert privacy lawyers at Revision Legal at 855-473-8474.

California’s Expanding Framework for Minor Online Privacy

California Senate Bill 568, effective January 1, 2015 and codified at Cal. Bus. & Prof. Code §§ 22580–22582, was an early but significant step in the broader movement toward protecting minors’ online privacy. Since its enactment, California has continued to expand its regulatory framework for minors and online platforms, culminating in the California Age-Appropriate Design Code Act (AB 2273), which took effect in 2024 and imposes significant design and compliance obligations on companies whose platforms are likely to be accessed by children under 18.

Federal Law: COPPA

At the federal level, the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6508, and the FTC’s implementing regulations at 16 C.F.R. Part 312 govern the online collection of personal information from children under 13. COPPA imposes strict requirements on operators of websites and online services directed to children, or that have actual knowledge that they are collecting personal information from children under 13:

• Provide clear and prominent notice of what information is collected from children, how it is used, and how it is disclosed.
• Obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13.
• Give parents the right to review and delete their child’s personal information.
• Not condition a child’s participation in an activity on the disclosure of more personal information than is reasonably necessary.
• Maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.

COPPA violations carry civil penalties of up to $50,120 per violation (as adjusted for inflation), and the FTC has assessed tens of millions of dollars in penalties against companies including Google/YouTube ($170 million in 2019), TikTok ($5.7 million in 2019), and others.

The Age-Appropriate Design Code: What Platforms Must Do

California’s AB 2273 imposes affirmative design obligations on businesses that provide online products, services, or features likely to be accessed by children under 18. Key requirements include:

• Conduct a Data Protection Impact Assessment (DPIA) before offering any new online product likely to be accessed by children.
• Apply default privacy settings that offer the highest level of privacy for child users.
• Not use personal information in ways that are detrimental to children’s health, safety, or welfare.
• Not collect, sell, or retain geolocation information of child users unless strictly necessary for service delivery.
• Not use design features that lead or encourage children to engage in privacy-diminishing actions.
• Not profile child users unless strictly necessary for the provision of the service.

The California Attorney General is authorized to enforce AB 2273, with civil penalties of up to $2,500 per affected child per negligent violation and up to $7,500 per intentional violation. For platforms serving millions of child users, the potential liability is enormous.

Compliance Obligations for Online Businesses

The combined effect of SB 568, COPPA, and AB 2273 creates a complex compliance environment for online businesses that may have child users. The threshold question is whether your platform qualifies as directed to children or whether you have actual knowledge that children are using your service. If either condition is met, a comprehensive compliance analysis is required.

Key compliance steps include: auditing data collection practices against applicable law; implementing age-gating mechanisms where appropriate; updating privacy policies to include required disclosures; implementing parental consent mechanisms for COPPA-covered services; and reviewing product design for features that may be harmful to minors under AB 2273.

If you have questions about privacy law or regulatory compliance, contact the attorneys at Revision Legal. Call us at 855-473-8474 or complete our contact form.

Responding to State Privacy Law Requirements

California’s SB 568 was a precursor to a wave of state legislation governing minors’ online privacy and broader consumer data rights. Businesses that operate websites and apps must now navigate a patchwork of state privacy laws that impose differing requirements depending on where their users are located. Beyond California, similar laws have passed or are pending in Virginia, Colorado, Connecticut, Texas, and dozens of other states.

For businesses that may have users under 18, the obligations are more severe: COPPA requirements at the federal level, California’s CAADCA at the state level, and similar laws in other jurisdictions. The compliance obligation is not geographic — a business based in Michigan that collects data from California minors must comply with California law.

Developing a proactive privacy compliance program — rather than reacting to enforcement actions — is significantly less expensive than the alternative. Privacy regulators have shown willingness to pursue enforcement actions against businesses that collect data from minors without required consent and disclosure practices. Revision Legal’s privacy attorneys help businesses assess their compliance posture and implement the policies and technical measures needed to comply with applicable law.

Contact the internet lawyers at Revision Legal with questions about internet law or website compliance. Call 855-473-8474 or complete our contact form.