Social media apps on the screen of an electronic device


Image by Pixelkult from Pixabay.

Disclosure Obligations, Hate Speech & AG Reports

Legislators across the United States have been grappling with how to regulate social media companies. In Texas, the 5th Circuit upheld a law limiting how social media platforms can moderate content.[1] In Florida, a brief was filed asking the U.S. Supreme Court to reverse the 11th Circuit’s decision to strike down a law preventing how social media platforms can moderate users.[2] Now, with Governor Newsom signing AB 587 into law, California joins the legislative efforts.

Effective January 1, 2024, AB 587 imposes new disclosure and reporting obligations on companies operating social media platforms. A social media platform falls under the law if:

  • The company operating the platform generated at least one hundred million in gross revenue during the preceding calendar year;[3]
  • The platform is a “public or semipublic internet-based service or application”[4] with users “in California;”[5]
  • A substantial function of the platform is to connect users to allow them to “interact socially” with each other in the platform;[6] and
  • Users can:
    • construct “public or semipublic” profiles for the purpose of signing in and using the platform;[7]
    • populate a list of other users with whom they share a social connection within the platform;[8] and
    • post content viewable by other users.[9]

In addition, the law does not apply to services or applications for which user interactions are limited to direct messages, commercial transactions, or consumer reviews of products, sellers, services, events, or places, or any combination thereof.[10]

Disclosure Obligations

A covered social media platform must disclose to users the existence and contents of the platform’s terms of service.[11] In addition, the terms of service must disclose:

Image of computer coding. Some of the coding is blurred.


Image Credit: Markus Spiske from Unsplash

***Update: On September 15, 2022, Governor Newsom signed AB 2273, establishing the California Age-Appropriate Design Code Act.

Who It Covers, What It Requires & How It Compares to the UK

Effective July 1, 2024, the California Age-Appropriate Design Code imposes obligations on businesses[1] that provide an “online service, product, or feature” that is “likely to be accessed by children.”[2] Children are defined as California residents[3] “who are under 18 years of age.”[4] The law provides factors for whether an online service, product, or feature (S/P/F) is “likely to be accessed” by California residents under the age of 18:[5]

  • It is directed to children as defined by COPPA.[6]
  • It is determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children, or it is substantially similar to an online S/P/F that meets this factor.
  • It displays advertisements marketed to children.
  • It has design elements known to be of interest to children, including games, cartoons, music, and celebrities who appeal to children.
  • Based on internal research, a significant amount of the audience is children.

An online S/P/F is defined by what it is not, and the definition notably exempts the “delivery or use of a physical product.”[7] This exemption diverts from the UK version of the law, which covers “connected toys and devices.”[8]

Compared to the UK’s Common-Sense Approach

The US version of the law provides no guidance on what it means for a “significant number of children” to “routinely access[]” the online S/P/F. However, the law makes clear in its legislative findings that covered businesses may look to guidance and innovation in response to the UK version when developing US-covered online S/P/F.[9]

ICO states that the term “likely to be accessed by” is purposefully broad, covering “services that children [are] using in reality,” not just those services specifically targeting children.[10] However, ICO recognizes that the term is not so broad as to “cover all services that children could possibly access.”[11] The key difference is whether it is “more probable than not” that an online S/P/F will be accessed by children, and businesses should take a “common sense approach to this question.”[12]

To illustrate this point:


Press Release – Metaverse Law

On or about 7/5/2022, Falcon Rappaport & Berkman PLLC (“FRB”) and Metaverse Law Corporation (“Metaverse Law”) have agreed to resolve their dispute in the United States District Court for the Southern District of New York. As part of a global resolution, the parties have agreed that FRB can refer to itself as a metaverse law firm in a descriptive manner, given the proliferation and greater accessibility of the public into metaverse, Web 3.0, and virtual reality spaces. Nevertheless, the parties agree that METAVERSE LAW remains Metaverse Law’s trademark and Metaverse Law maintains the right to prosecute any non-descriptive infringement of the mark’s use.

FRB is a full-service business law firm that combines the deep knowledge and understanding of attorneys who proudly advise clients seeking solutions to their most complex matters, including businesses and individuals working in cryptocurrency and NFTs. FRB has led the charge into the metaverse and opened a law office in Decentraland in August 2021 (located at Parcel 25, -125). FRB differentiates itself by approaching matters with a level of depth and variety of skills unmatched by typical advisors, following through on a firm-wide commitment to excellent service, offering access to thought leaders in numerous areas of professional practice, and engaging in a partnership with clients to develop and achieve legal, business, and personal objectives.

Metaverse Law launched in 2018 and is a California-based privacy, AI, and cybersecurity law firm. Metaverse Law assists startups to multinationals with their CCPA, GDPR, and other data privacy obligations. Metaverse Law is a proponent of decentralized virtual reality spaces (as opposed to the panopticon of a singular dystopian metaverse) and advises tech companies and law firms alike on consumer privacy, ethics, and good governance inside and outside of their metaverses.

Map of the United States - State Privacy Laws

And Then There Were Five…

Image Credit: Free-Photos from Pixabay.

Just last summer, in July of 2021, Colorado joined California and Virginia, and became the third U.S. state with a comprehensive consumer privacy law. The Colorado Privacy Act is set to take effect in July 2023.

Hot on its heels, and within just two months of each other, first Utah in March of 2022, now Connecticut in May of 2022, passed privacy bills which will become effective in 2023.

So far, California remains the only state which allows for a private right of action in connection with its privacy bill. For more information, please see our comparison of the current U.S. state consumer privacy laws below.

For our unofficial redline of the CPRA, click here.

Follow these links for the official text of the CPRA, CPA, CTDPA, UCPA, and VCDPA.

To view and download a PDF version of this chart, click here.

Image of Lily Li, Founder of Metaverse Law and time and date for Evenness' de:centralized series '22 event "The Principles of a Fair & Trustworthy Economy."

Metaverse Law to Speak at World IP Day event

On April 26th, World IP Day, Lily Li of Metaverse Law will be a panel speaker for the “Principles of a Fair and Trustworthy Economy” event. This event is organized by Evenness in partnership with Women in AI and is part of a series of events about frontier technologies, the metaverse, NFTs, virtual fashion and more.

Join us on April 26th at 11am EST/ 8am PST/ 5pm CET for this event. The virtual doors open 30 minutes before the event. Click here for more information.

1 2 3 14