Free subscription to the Capitol Journal keeps you current on legislative and regulatory news.
States Loosening Occupational Licensing Laws In an effort to boost their workforces, states are advancing legislation to loosen their occupational licensing laws. For example, the Louisiana House passed...
ME House Passes Restrictive Data Privacy Bill Maine’s House narrowly approved a bill ( LD 1977 ) that would impose restrictions on the digital information that companies can collect. Businesses...
By many if not most people’s standards, Heidi Clayton was a clear victim of workplace harassment . A member of the Atlantic City Police Department, Clayton was asked out on dates by a lieutenant...
MD Drug Affordability Board Weighing Caps on Eight Drugs Maryland’s Prescription Drug Affordability Board could soon impose price limits on up to eight drugs on state-run health insurance plans...
MD Passes Major Data Privacy Bills With the approval of a pair of bills last week, Maryland joined a handful of other states, including California, Connecticut, Texas and Utah, that have passed both...
Three times already this year, State Net Capitol Journal™ has reported on legislation concerning data privacy, which remains a hot topic among state lawmakers.
As we’ve reported, from Connecticut to California legislators have been passing laws to protect the online privacy of all their residents but children in particular.
Of all the forms data privacy bills take, the ones specifically addressing children have, understandably, received special attention, with impassioned legislators pushing for strong regulation.
There’s just one tiny problem with these bills: they’re getting challenged in court. A lot.
And federal judges are finding merit in those complaints.
In June, Arkansas’ Gov. Sarah Huckabee Sanders (R) signed into law SB 396, by Rep. Jon S. Eubanks (R) and Sens. Tyler Dees (R) and Jim Petty (R), which not only requires minors to seek parental consent to open a social media account but also mandates that social media platforms verify the account holder’s age.
Around the same time Texas Gov. Greg Abbott (R) signed into law HB 1181, by Rep. Matt Shaheen (R), which required any website that publishes “sexual material harmful to minors” to verify its users’ identities. Such websites under HB 1181 could include social media platforms.
In late June, NetChoice, the trade group representing online businesses like Google, Meta, Yahoo! and TikTok, sued in federal court to block implementation of the Arkansas law.
In early August, several plaintiffs, including the Free Speech Coalition, Inc., a trade association representing the “adult industry,” sued in federal court to block implementation of the Texas law.
On August 31, Timothy Lloyd Brooks, a U.S. district judge for the U.S. District Court for the Western District of Arkansas, issued a preliminary injunction barring enactment of SB 396.
The very same day, David Alan Ezra, a U.S. district judge for the U.S. District Court for the Western District of Texas, issued a preliminary injunction barring implementation of HB 1181.
Effectively, plaintiffs in both cases argued the bills infringed on online users’ First Amendment rights, and the judges agreed.
As these are both preliminary injunctions, the cases continue. But that was just the beginning of state data privacy laws losing at the courthouse.
In September 2022, California Gov. Gavin Newsom (D) signed into law AB 2273, by Assemblywoman Buffy Wicks (D).
Otherwise known as the California Age-Appropriate Design Code Act, AB 2273 was explicitly modeled after the United Kingdom’s Age Appropriate Design Code, requiring any business serving up web pages likely to be accessed by California youths to consider the children’s best interests when designing their sites.
Wicks’ bill received a lot of attention (from us and other news outlets) for its sweeping impact and its opposition from tech companies.
In mid-December 2022, NetChoice filed a lawsuit in federal court to block implementation of AB 2273.
On September 18, Beth Labson Freeman, a judge for the U.S. District Court for the Northern District of California, filed a preliminary injunction blocking the enactment of the California Age-Appropriate Design Code Act.
Once again, NetChoice argued that the bill violated First Amendment rights, and the judge agreed, with Freeman writing bluntly, “NetChoice has demonstrated that it is likely to succeed on at least one of its First Amendment theories.”
Again, this is a preliminary injunction, so the case continues. But it’s clear at this point state lawmakers’ efforts to limit minors’ access to online content isn’t going to be easy.
And tech companies aren’t going to let this go without a fight.
As of early August at least 35 states had considered legislation this year aimed at protecting children when they use the internet and social media, according to analysis by the National Conference of State Legislatures. Eleven states have already enacted such bills, including Arkansas (SB 66 and SB 396) and Texas (HB 18 and HB 1181).
<p> </p>
So, what does this mean for child data privacy laws? Are they done now?
Well, not necessarily.
Tech Policy Press writers Gabby Miller, Ben Lennett and Justin Hendrix recently wrote that ”rather than signaling a change in the tide, the lawsuits may ultimately spur a new round of bills that address flaws in those passed in the first wave.”
Tech Policy Press wrote that it recently attended a panel discussion put on by the National Conference of State Legislatures called “Protecting Kids on Social Media.”
“There, state lawmakers from different parties directed their animus not at one another, but rather at the tech industry front man who joined them on the stage,” Tech Policy Press wrote. “Minnesota State Representative Kristen Bahner (D-MN34B) and Utah Senator Michael McKell (R-UT25), legislators that both championed bills aimed at child online safety in their states, had it out with Carl Szabo, Vice President & General Counsel of NetChoice.
“The response in the room, which was crowded with lawmakers from across the country, suggested that while Szabo and his paymasters may win in courts in the near term, lawmakers in multiple states and from both parties are already preparing for round two.”
Bailey Sanchez, senior counsel with the Future of Privacy Forum’s Youth & Education team, agreed, telling SNCJ, “I don’t think lawmakers are following these and saying, ‘OK kids data privacy is done.’”
Rather, Sanchez said she expects lawmakers to absorb the courts’ rulings and make adjustments when they introduce new bills.
Advocates for data privacy say they’re certainly not going to be deterred by the recent court actions.
That includes Minnesota Rep. Kristin Bahner (D), who is sponsoring HB 2257, the Minnesota Age Appropriate Design Code Act, modeled after California’s bill. She told SNCJ she’s made some changes to her pending bill, but not in response to the lawsuits, which she sees more as evidence of the tech industry’s “gamesmanship” than a substantive challenge to policy.
Bahner said these lawsuits are not impacting the way she and others are looking at child data privacy laws.
“If anything,” she said, “these lawsuits tell me we are on the right track.”
—By SNCJ Correspondent BRIAN JOSEPH
Please visit our webpage to connect with a State Net representative and learn how the State Net legislative and regulatory tracking solution can help you identify, track, analyze and report on relevant legislative and regulatory developments.