SB 1444

Bill Subjects

Abstract

Existing law establishes various online privacy rights for minors, including prohibiting the operator of an internet website, online service, online application, or mobile application from marketing or advertising specified types of products or services to a minor, and requires an operator to permit a registered user who is a minor to remove content or information posted. This bill, beginning July 1, 2025, would require large social media platform providers, as defined, to create, maintain, and make available to specified third-party safety software providers a set of third-party-accessible application programming interfaces to allow a third-party safety software provider, upon authorization by a child or a parent or legal guardian of a child, to manage a child's online interactions, content, and account settings and initiate secure transfers of the child's user data for these purposes, as provided. The bill would prohibit the third-party safety software provider from disclosing user data unless specified exceptions apply, and would authorize the child or the parent or legal guardian, as applicable, to revoke the authorization with the third-party safety software provider or disable the account with the large social media provider. The bill would require the third-party safety software provider to register with the Attorney General's office as a condition of accessing an application programming interface from a large social media platform provider and would require the Attorney General to affirm that the third-party safety software provider meets specified requirements, including that it is solely engaged in the business of internet safety. The bill would also require a large social media platform to register with the Attorney General's office within 30 days of meeting specified requirements, including that it enables a child to share images, text, or video through the internet with other users of the service, as provided, and has more than 100,000,000 monthly global active users or generates more than $1,000,000,000 in gross revenue per year, as provided. The bill would authorize the Attorney General to deregister or issue a civil penalty not to exceed $5,000 per violation to a third-party safety software provider if specified conditions occur. The bill would require the Attorney General to post both registration lists on its internet website, and to establish processes to deregister third-party safety software providers and large social media platform providers if certain criteria is met. The bill would provide that a large social media platform provider is not liable for damages arising out of the transfer of user data to a third-party safety software provider in accordance with these provisions if the large social media platform provider has in good faith complied with specified requirements. The bill would require the Department of Technology, before July 1, 2025, to issue guidance for large social media providers and third-party software providers regarding the implementation and maintenance of technical standards to protect user data, as specified, and would require the Department of Technology to biennially update that guidance. This bill would require a third-party safety software provider receiving any data pursuant to these provisions to at least annually enlist a qualified independent auditing firm to audit its privacy, security, and legal compliance, as provided. The bill would require the auditor to provide the audit findings, including a summary of those findings, directly to the Attorney General and the third-party safety software provider. The bill would authorize the Attorney General to deregister, suspend, or issue a civil penalty to a third-party safety software provider based on an auditor's findings of willful or grossly negligent conduct or a third-party safety software provider's negligent failure to respond to an unusual finding, as specified. The California Privacy Rights Act of 2020 authorizes the Legislature to amend the act to further the purposes and intent of the act by a majority vote of both houses of the Legislature, as specified. This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020. Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest. This bill would make legislative findings to that effect.