Image of computer coding. Some of the coding is blurred.


Image Credit: Markus Spiske from Unsplash

***Update: On September 15, 2022, Governor Newsom signed AB 2273, establishing the California Age-Appropriate Design Code Act.

Who It Covers, What It Requires & How It Compares to the UK

Effective July 1, 2024, the California Age-Appropriate Design Code imposes obligations on businesses[1] that provide an “online service, product, or feature” that is “likely to be accessed by children.”[2] Children are defined as California residents[3] “who are under 18 years of age.”[4] The law provides factors for whether an online service, product, or feature (S/P/F) is “likely to be accessed” by California residents under the age of 18:[5]

  • It is directed to children as defined by COPPA.[6]
  • It is determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children, or it is substantially similar to an online S/P/F that meets this factor.
  • It displays advertisements marketed to children.
  • It has design elements known to be of interest to children, including games, cartoons, music, and celebrities who appeal to children.
  • Based on internal research, a significant amount of the audience is children.

An online S/P/F is defined by what it is not, and the definition notably exempts the “delivery or use of a physical product.”[7] This exemption diverts from the UK version of the law, which covers “connected toys and devices.”[8]

Compared to the UK’s Common-Sense Approach

The US version of the law provides no guidance on what it means for a “significant number of children” to “routinely access[]” the online S/P/F. However, the law makes clear in its legislative findings that covered businesses may look to guidance and innovation in response to the UK version when developing US-covered online S/P/F.[9]

ICO states that the term “likely to be accessed by” is purposefully broad, covering “services that children [are] using in reality,” not just those services specifically targeting children.[10] However, ICO recognizes that the term is not so broad as to “cover all services that children could possibly access.”[11] The key difference is whether it is “more probable than not” that an online S/P/F will be accessed by children, and businesses should take a “common sense approach to this question.”[12]

To illustrate this point:


Press Release – Metaverse Law

On or about 7/5/2022, Falcon Rappaport & Berkman PLLC (“FRB”) and Metaverse Law Corporation (“Metaverse Law”) have agreed to resolve their dispute in the United States District Court for the Southern District of New York. As part of a global resolution, the parties have agreed that FRB can refer to itself as a metaverse law firm in a descriptive manner, given the proliferation and greater accessibility of the public into metaverse, Web 3.0, and virtual reality spaces. Nevertheless, the parties agree that METAVERSE LAW remains Metaverse Law’s trademark and Metaverse Law maintains the right to prosecute any non-descriptive infringement of the mark’s use.

FRB is a full-service business law firm that combines the deep knowledge and understanding of attorneys who proudly advise clients seeking solutions to their most complex matters, including businesses and individuals working in cryptocurrency and NFTs. FRB has led the charge into the metaverse and opened a law office in Decentraland in August 2021 (located at Parcel 25, -125). FRB differentiates itself by approaching matters with a level of depth and variety of skills unmatched by typical advisors, following through on a firm-wide commitment to excellent service, offering access to thought leaders in numerous areas of professional practice, and engaging in a partnership with clients to develop and achieve legal, business, and personal objectives.

Metaverse Law launched in 2018 and is a California-based privacy, AI, and cybersecurity law firm. Metaverse Law assists startups to multinationals with their CCPA, GDPR, and other data privacy obligations. Metaverse Law is a proponent of decentralized virtual reality spaces (as opposed to the panopticon of a singular dystopian metaverse) and advises tech companies and law firms alike on consumer privacy, ethics, and good governance inside and outside of their metaverses.

Map of the United States - State Privacy Laws

And Then There Were Five…

Image Credit: Free-Photos from Pixabay.

Just last summer, in July of 2021, Colorado joined California and Virginia, and became the third U.S. state with a comprehensive consumer privacy law. The Colorado Privacy Act is set to take effect in July 2023.

Hot on its heels, and within just two months of each other, first Utah in March of 2022, now Connecticut in May of 2022, passed privacy bills which will become effective in 2023.

So far, California remains the only state which allows for a private right of action in connection with its privacy bill. For more information, please see our comparison of the current U.S. state consumer privacy laws below.

For our unofficial redline of the CPRA, click here.

Follow these links for the official text of the CPRA, CPA, CTDPA, UCPA, and VCDPA.

To view and download a PDF version of this chart, click here.

Image of Lily Li, Founder of Metaverse Law and time and date for Evenness' de:centralized series '22 event "The Principles of a Fair & Trustworthy Economy."

Metaverse Law to Speak at World IP Day event

On April 26th, World IP Day, Lily Li of Metaverse Law will be a panel speaker for the “Principles of a Fair and Trustworthy Economy” event. This event is organized by Evenness in partnership with Women in AI and is part of a series of events about frontier technologies, the metaverse, NFTs, virtual fashion and more.

Join us on April 26th at 11am EST/ 8am PST/ 5pm CET for this event. The virtual doors open 30 minutes before the event. Click here for more information.

1 2 3 4 14