Eric Goldman Explains How California’s Age-Appropriate Design Code Bill (AB2273) Would Break the Internet

Last week, the California legislature voted unanimously to pass the California Age-Appropriate Design Code Act (AADC), AB 2273. If signed into law by Governor Newsom –he has not offered a public stance on the measure—the bill will require websites and apps that serve users younger than 18-years-old to “consider the best interests of children when designing, developing, and providing” their products.

The California bill is intended to address the growing concern about the amount of time kids spend online, what kind of data is collected about them, and how all that screen time might cause harm. For more information about these concerns, see “Lawmakers Want Social Media Companies to Stop Getting Kids Hooked” (Wired, June 15, 2022) and "Senators Propose the Kids Online Safety Act After Five Hearings with Tech Execs" (TechCrunch, February 16, 2022).

Touted by the bill’s sponsors as “protect kids online” bill and the “Kid’s Code,” proponents of the California bill say the new rules should reduce online risks for children while promoting their autonomy and well-being online. However, critics say the legislation is overly broad and could subject many more online services than necessary to burdensome rules.

Law professor Eric Goldman, Santa Clara University School of Law, says that the “AADC would radically reshape the Internet — and harm both kids and adults alike.” Professor Goldman is the Director of the High Tech Law Institute at Santa Clara University, and his research and teaching focuses on Internet law.

In “The Plan to Blow Up the Internet, Ostensibly to Protect Kids Online,” an op-ed piece in Capitol Weekly, Professor Goldman highlights crucial concerns of the bill and explains why the AADC would “counterproductively put kids and adults at greater risk and would break the Internet’s architecture.”

Below are a few excerpts from “The Plan to Blow Up the Internet, Ostensibly to Protect Kids Online,” by Eric Goldman (Capitol Weekly, August 18, 2022).

Age Authentication

The AADC requires businesses to adopt protective practices for children. On the surface, this sounds pretty good. However, to achieve this outcome, businesses must know which users are kids. This would require businesses to authenticate all of their users’ ages — and that is bad news for everyone.

Mandatory age authentication would change how everyone uses the Internet.

Currently, we casually go from site to site, seamlessly moving between services. Post-AADC, users will first be required to prove their age before they can visit any new site — even if they just plan to visit for a second, and even if they never plan to return.

The actual process of age authentication usually involves either (1) an interrogation of personal details or (2) evaluating the user’s face so that software can estimate the age. Neither process is error-free, and either imposes costs that some businesses can’t afford.

More importantly, the authentication process is highly invasive. Most people won’t want to share their sensitive details with every new site they visit, especially if they don’t know yet if they can trust the site.

Identity Authentication

To avoid making their users repetitively authenticate their age with each visit, many sites will authenticate users’ identity so they can recognize return visitors. But universal identity authentication creates even more problems. It prevents anonymous or pseudonymous browsing—something that’s critical to vulnerable communities with sensitive information needs, like LGBTQ individuals or people with medical or psychological conditions that they don’t want others to know about.

Identity authentication also discourages people from sharing criticism, such as negative consumer reviews, or whistleblowing about wrongful conduct.

Shrinking the Internet for Kids

Finally, the AADC’s overreaching obligations impose extraordinary liability risks on businesses, which businesses can manage only by closing their doors to minors altogether. In other words, the AADC will dramatically shrink the Internet for kids.

In a digital era where Internet expertise is essential for most jobs, AADC sends a regressive message that California kids should grow up digitally naïve. That will put California minors at a comparative professional disadvantage for the rest of their lives—another way AADC counterproductively hurts kids.

Read the full op-ed: “The Plan to Blow Up the Internet, Ostensibly to Protect Kids Online,” by Eric Goldman (Capitol Weekly, August 18, 2022).

Read More:

• “An Interview Regarding AB 2273/the California Age-Appropriate Design Code (AADC)” by Eric Goldman (Technology & Marketing Law Blog, September 7, 2022) Transcript from a media interview.
• “A Short Explainer of How California’s Age-Appropriate Design Code Bill (AB2273) Would Break the Internet” by Eric Goldman (Technology & Marketing Law Blog, August 8, 2022)
• “Will California Eliminate Anonymous Web Browsing? (Comments on CA AB 2273, The Age-Appropriate Design Code Act)” by Eric Goldman (Technology & Marketing Law Blog, June 27, 2022)
• “Sweeping Children’s Online Safety Bill Is Passed in California” (The New York Times, August 30, 2022)
• The entirety of the California Age-Appropriate Design Code Act.