Today, Emma Llansó, CDT Policy Counsel, will testify before the California State Assembly Committee on Arts, Entertainment, Sports, Tourism, and Internet Media urging Members of the Committee to reject two bills that recently passed the California Senate. Both bills aim to protect children’s privacy, but would seriously burden minors’ First Amendment rights by limiting their access to information while also limiting their access to platforms for their own speech. Ms. Llansó’s full testimony is available here .
SB 501 , the Social Networking Privacy Act, would require social networking websites to remove a user’s personal identifying information at the request of the user or, if the user is under the age of 18, at the request of the user or his or her parent or legal guardian. SB 568  on Privacy Rights for California Minors in the Digital World would place new restrictions on websites and online services that have users who are under 18 years old. If passed, websites or services “directed to minors” or with “actual knowledge” of a minor’s use would be barred from advertising specific products and services to minors. The bill would also require websites and online services to provide an opportunity for users under the age of 18 to request removal of content that they posted.
CDT’s primary concern with SB 501 is its potential burden on minors’ own First Amendment rights. SB 501 would provide a potential parental veto over minors’ communications, empowering parents to suppress minors’ statements about sexual identity, reproductive choice, religion, political affiliation, and similarly intimate and sensitive matters. CDT is also concerned that the bill would violate the First Amendment rights of adult users. The bill would give a user the right to order the takedown of any “personal identifying information” pertaining to him, regardless of whether he was the initial poster of the information. This extremely broad deletion right could be used to compel deletion of truthful information, even if it was lawfully obtained.
Further, SB 501 places impractical burdens on social networking operators and would likely lead operators to bar minors from their sites and services. An operator attempting to comply with the bill would need to collect significant amounts of sensitive information from users in order to confirm a user’s identity or a purported parent-child relationship. This data gathering runs directly counter to the bill’s goal of protecting privacy. The significant challenges in verifying identity, coupled with the exorbitant $10,000 fine for each failure to comply, would encourage service providers’ unreserved compliance with takedown requests. Such a strict, mandatory notice-and-takedown system would be vulnerable to abuse—even more so than the often-abused  takedown regime for copyrighted materials under the Digital Millennium Copyright Act, which contains many protections for speech that are missing from SB 501. Rather than risk the costs, liability and excessive takedowns that could come with attempting to comply with SB 568, many social networking websites will likely just prohibit minors from creating accounts. As a result, children will simply not be able to use those services, whether to speak for themselves or to access the constitutionally protected content published there. Or, they will simply lie about their ages  to use those services, leading to an even worse situation where providers will be unable to provide any special privacy protections or services for their younger users.
SB 568, like SB 501, would also limit minors’ access to constitutionally protected material. The vague and unclear prohibitions would produce uncertainty regarding which websites are covered by the law, and would likely cause operators to bar minors from their sites in order to ensure compliance. This ambiguity will affect websites and services that are popular with teenaged Internet users as well as adults. These include social networking platforms such as Tumblr and Instagram, news-aggregating sites such as Reddit and BuzzFeed, and popular apps such as Angry Birds and Pandora Radio. These sites certainly have many users who are minors, but are they “directed to minors”? The answer is unclear, and the result may be that such services—rather than risk liability under the law—will simply refuse to host advertisements for those products and services that SB 568 says are inappropriate for children. Such a result would likely infringe on the rights of adults and minors who have a right to receive information about those products and services, and the rights of advertisers themselves. It would also likely infringe on the rights of the service providers, discriminating against them by regulating their advertising practices while ignoring the transmission of identical content via other media like television.
Also similar to SB 501, SB 568 may ironically result in decreased privacy protections for minors—and for everyone else. In an attempt to comply with SB 568, operators may seek to distinguish minors from adults and California residents from other users, requiring the collection and preservation of information profiles on each of its users. In this way and in several others, SB 568’s provision allowing minors to request the takedown of content that they have posted—although thankfully more narrow than SB 501’s takedown provision—raises many of the same problems as SB 501.
Finally, SB 568 also represents state-level regulation of online content, and would therefore violate the Commerce Clause of the U.S. Constitution. Long recognized by the courts as a medium of interstate commerce, the Internet cannot be regulated by any single state. If additional states follow California’s lead, operators will confront an unconstitutional patchwork of inconsistent state laws.
Protecting minors’ – and all users’ – privacy online is of utmost importance, and we appreciate the California Senate’s continuing work on this critical issue. However, both bills remain vulnerable to constitutional challenge and will create perverse incentives for operators to avoid creating content intended for users under 18 years old. For these reasons, CDT urges the California State Assembly to reject both SB 501 and SB 568 in favor of comprehensive consumer privacy laws that apply to all users.