){kind=logo}
The Ninth Circuit issued another decision on the preliminary injunction enjoining the enactment of California’s Age-Appropriate Design Code (AADC) on March 12, continuing the saga of the first AADC in America. The Ninth Circuit maintained an injunction enjoining some of the provisions, but many of the provisions are now active and enforceable. Below is a list of the provisions that are and are not effective after the March 12, 2026, decision.
The following sections are NOT effective:
Data Protection Impact Assessment Requirements (1798.99.31 (a)(1-4))
Prohibitions on dark patterns (1798.99.31(b)(7))
Prohibitions related to an online business using a child’s personal information in a way that is materially detrimental to the physical health, mental health, or well-being of a child (1798.99.31 (b)(1))
Limitations related to profiling a child by default (1798.99.31 (b)(2))
Limitations related to collection, selling, sharing or retaining any personal information of a child (1798.99.31(b)(3))
Limitations on the use of the personal information of a child. (1798.99.31(b)(4))
The below requirements are now effective and enforceable. Of note, unlike COPPA, which defines a child as under 13, the California AADC defines a child as a consumer under the age of 18, which makes compliance now even more difficult.
Required Age Estimation Technologies (1798.99.31(a)(5))
Required Default Privacy Setting. All privacy settings provided to children by the online service must be set to high by default (1798.99.31(a)(6)) (The Ninth Circuit did not list this section as being enjoined, but NetChoice appears to be arguing that it is enjoined because it includes the unconstitutionally vague phrase “best interests” of a child. This may be determined by the district court on remand.)
If the online service allows the child’s parent or guardian or any other consumer to monitor the child’s online activity or track the child’s location, the online service must provide an obvious signal to the child when the child is being monitored or tracked (1798.99.31(a)(8)).
Provide an obvious sign to the child for the duration that the online service is collecting precise geolocation information (1798.99.31(b)(6))
Provide prominent, accessible and responsive tools to help children or, if applicable, their parents or guardians, exercise their privacy rights and report concerns (1798.99.31(a)(10))
Limitations on the collection, sale or sharing of any precise geolocation information of a child by default (1798.99.31(b)(5))
Prohibition on the use of any personal information collected for age estimation purposes for any use other than age estimation or age assurance (1798.99.31(b)(8))
Must have a privacy policy and terms of use that are prominent and use clear language suited to the age of the children using the online service (1798.99.31(a)(7)) and enforce the policies (1798.99.31(a)(9))
Unless the district court again enjoins the AADC, companies may have to scramble to comply with many of the provisions of the California AADC that are now effective – especially since these provisions apply to both children under the age of 13 and teens.
