FPF Releases Comparative Analysis of California and U.K. Age-Appropriate Design Codes
The Future of Privacy Forum (FPF) today released a new policy brief comparing the California Age-Appropriate Design Code Act (AADC), a first-of-its-kind privacy-by-design law in the United States, and the United Kingdom’s Age-Appropriate Design Code. While there are distinctions between the two codes, the California AADC, which is set to become enforceable on July 1, 2024, was modeled after the UK’s version and represents a significant change in the regulation of the technology industry and how children will experience online products and services.
Download the POLICY BRIEF: Comparing the UK and California Age-Appropriate Design Codes.
“Understanding the requirements of both the UK and California codes, and in particular where they differ, is critical for companies in the US and abroad who may soon be covered under one – or both – codes,” said Chloe Altieri, Youth & Education Privacy policy counsel for FPF and an author of the report. “The explanations and examples in the UK code, many of which are not yet defined in California’s version, may provide helpful compliance insights.”
The report builds on FPF’s in-depth analysis of the California AADC, published in October, and contains a side-by-side comparison of the 15 standards laid out in the UK AADC to the corresponding text of the California AADC, including the “best interests of the child” standard, age assurance, default settings, parental controls, enforcement, and data protection impact assessments.
The report also outlines several broader distinctions between the California and UK codes, including, crucially, how the underlying regulatory frameworks differ. While both codes build on the aims of their respective consumer privacy laws (the UK’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act), the California AADC is standalone legislation that will be independently enforced, while the UK AADC and GDPR are linked, and enforcement falls to the UK Information Commissioner’s Office (ICO). The UK AADC is also “rooted” in Article 3 of the United Nations Convention on the Rights of the Child (UNCRC), an international treaty ratified by 195 countries, including the UK, but not the US. While the California AADC uses a similar “best interests of children” standard, without the foundation of the UNCRC, there is much less certainty in how businesses should make that determination.
“As policymakers in other states start to consider similar age-appropriate design code legislation, understanding how and why the California and UK codes differ will be critical,” said Bailey Sanchez, Youth & Education Privacy policy counsel at FPF and an author of the report. “It is not as simple as copying and pasting the UK code in California or anywhere else. California’s version was adapted to fit the legal landscape in the US and the state, which has a unique consumer privacy landscape. Other states will need to make their own adjustments.”
FPF’s youth and education privacy team is closely monitoring the implementation of the California AADC. Catch up on previous blog posts tracking the bill’s progress and our formal analysis once the bill was signed into law. To access the Youth & Ed team’s child and student privacy resources, visit www.StudentPrivacyCompass.org and follow the team on Twitter at @SPrivacyCompass.
