California Law Creates “Right to Be Forgotten” for Kids

A new California privacy law will give children under 18 a limited “right to be forgotten.” SB 568, signed by Gov.Jerry Brown on Sept. 23, 2013 and effective as of Jan. 1, 2015, applies to any “operator of an Internet Web site, online service, online application, or mobile application directed to minors,” as well as to any operator “that has actual knowledge that a minor is using” its site. A site operator covered by the law must permit a minor who is a registered user of the operator’s website to remove or, if the operator prefers, to request and obtain removal of, content or information posted on the website by the user. The operator must also give notice of this right and provide minors with instructions on how to exercise it. There are a few exceptions from the law’s requirements, including situations where the information was posted “by a third party other than the minor,” where the operator “anonymizes” the information so that the minor cannot be individually identified, and where the minor was compensated for the content.

The law is based on the European Union’s proposed “right to be forgotten,” although that right is far broader and applies to people of all ages. The California law is written to protect any minor who resides in California. It is unclear at this time, however, whether California will be able to assert jurisdiction over out-of-state site operators that have only a small number of California users. The law is also likely to be challenged under the First Amendment’s guarantees of free speech and freedom of the press.

At this point, it is hard to predict whether and in what form the law will ultimately take effect. It is also not clear how the law will be enforced. Nonetheless, its requirements are so sweeping that companies that operate websites and apps directed at young people and that do substantial business in California should start to think about how they will comply.