are commonly referred to as internet of things (“IoT”) devices. This law became effective January 1, 2020. The new law aims to protect the security of both IoT devices, and any information contained on IoT devices. Manufacturers that sell or offer to sell a connected device in California must equip the device with a reasonable security feature or features that are all of the following: “(1) Appropriate to the nature and function of the device. (2) Appropriate to the information it may collect, contain, or transmit. (3) Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” 2018 Cal. Legis. Serv. Ch. 886 (S.B. 327) (to be codified at Cal. Civ. Code § 1798.91.04(a)). This IoT law does not provide for any private right of action, and it can be enforced only by the California attorney general, a city attorney, a county counsel, or a district attorney. California Age-Appropriate Design Act. On September 15, 2022, California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (the “Act”), a law directed at businesses that provide online services, products, or features that are likely to be accessed by children under 18. The Act aims to hold children’s well-being over businesses’ commercial interests and implement robust privacy protections in light of children’s increased interactions online. It will work in conjunction with the California Consumer Privacy Act of 2018 (the “CCPA”), as amended by the California Privacy Rights Act of 2020 (the “CPRA”), to govern the privacy of California residents. The Act was supposed to take effect on July 1, 2024, but was partially enjoined by the Ninth Circuit. Under the law, companies would have been required to conduct data protection impact assessments documenting an eight- factor assessment of potential risk of harm to children for their online services offered to children. The court held that this report “compelled speech” and thus was subject to First Amendment scrutiny. And under that scrutiny, the Ninth Circuit ruled that there could have been a less restrictive way to accomplish protecting children than requiring a DPIA.
123
Made with FlippingBook - Online Brochure Maker