Parent's Accountability and Child Protection Act

On September 28, 2018, Governor Jerry Brown of California approved Assembly Bill 2511, officially known as the Parent's Accountability and Child Protection Act.

The bill became enforceable on January 1, 2020.

Let's take a deeper look at the rules and requirements of the Act, as well as what you'll need to do to comply.

Background of the Parent's Accountability and Child Protection Act

In March 2018, the NBC news affiliate KCRA 3 conducted an investigation, which found that a 14-year old boy from Sacramento bought a BB gun online through the vast online retail giant Amazon.com.

The boy bought the BB gun by using an Amazon gift card and an account he set up under his name.

At the time, Amazon's Conditions of Use only noted that an individual had to be over 18 to use the site. In 2018, Amazon assumed that those who used the site and were under 18-years old had their parent's permission to do so.

Amazon has since updated its Privacy Policy, which the site notes also governs an individual's use of their site in addition to their Conditions of Use. The company's new terminology reads:

Following the investigation by KCRA 3, Consumer Watchdog and the Children's Advocacy Institute sent a letter to California's Attorney General, Xavier Becerra.

Following the letter to Mr. Becerra and after the KCRA 3 investigation State Assembly Member Ed Chau (D-Monterey Park) was quoted as saying:

"I was alarmed to learn that some online shopping sites have very relaxed systems in place for verifying the age of minors who are purchasing products they are not legally allowed to own. As a result, I have decided to amend my bill, AB 2511, to require that online shopping sites do more than solely rely on the word of a child when selling products that require an adult purchaser."

What Does the Parent's Accountability and Child Protection Act Require?

The Act demands that companies and individuals that do business in the state of California and that endeavor to sell specific services or products, to take "reasonable steps," as prescribed by the state.

For example, a step considered reasonable includes but isn't limited to confirming the individual's age making a purchase. Under the law, these companies and individuals must ensure that the buyer is of legal age when the purchase or delivery occurs.

The Act also forbids individuals and businesses covered by the law's provisions from keeping, using, or revealing any data received in efforts made to substantiate the age of a recipient or purchaser. Indeed these provisions concerning retention of data apply for any purposes other than strictly complying with the Act, other California laws, or abiding by state and federal court orders.

The Act was included in Cal. Civ. Code Sec. 1798.99.1, which are regulations concerning the sale of services or products to minors that California law deems illegal.

Who Does the Parent's Accountability and Child Protection Act Apply to?

As noted above, the Act covers any company or person that conducts business in California and plans to sell products and services deemed "illegal" under California law to sell to minors.

What Products and Services are Illegal Under the Parent's Accountability and Child Protection Act?

There are two lists of services and products, which are considered illegal when sold to minors under the Act. There are separate age verifications for each.

Services and Products listed in Cal. Civ. Code Sec. 1798.99.1's section (b)

Illegal items, when sold to minors, which are listed in 1798.99.1's section (b) include the following:

• Body branding, as mentioned in the Health and Safety Code (sections 119301 and 119302)
• Dietary supplements that contain ephedrine group alkaloids, as mentioned in the Health and Safety Code (section 110423.2)
• Tanning in ultraviolet tanning devices, as mentioned in the Business and Professions Code (sections 22702 and 22706)
• Dangerous fireworks as mentioned in the Health and Safety Code (sections 12505 and 12689)
• Etching cream, which is able to deface property as mentioned in the California Penal Code (section 594.1); and
• Aerosol containers of paint, which are able to deface property as mentioned in the Penal Code (section 594.1)

Services and Products listed in Cal. Civ. Code Sec. 1798.99.1's section (c)

Illegal items, when sold to minors, which are listed in 1798.99.1's section (c) include the following:

• Handguns or firearms as mentioned in the Penal Code (sections 16520, 16640, and 27505)
• BB guns, as mentioned in the Penal Code (sections 16250 and 19910)
• Ammunition, or ammunition which is reloaded as mentioned in the Penal Code (sections 16150 and 30300)
• All tobacco products including blunt wraps, cigarette papers, cigarettes, other tobacco preparations, paraphernalia or instruments designed for the ingestion or smoking of tobacco, products that are made from tobacco, or any other controlled substance, as mentioned in the Penal Code and the Business Professions Code (sections 308, 308.1, 308.2, and 308.3; and Division 8.5 starting with section 22950 respectively)
• Electronic cigarettes as mentioned in the Health and Safety Code (section 119406); and
• Less lethal weapons as mentioned in the Penal Code (sections 16780 and 19405)

How to Comply With the Parent's Accountability and Child Protection Act

To be compliant, if you or your business sell products or services within the state of California, then you must take steps to ensure that those who make purchases are of legal age at the time of delivery or purchase.

In other words, you can't sell any of the items or services listed above unless the person is of legal age.

According to the Act, reasonable steps to ensure age verification are:

• Putting into place a system that restricts individuals with accounts that are designated as those of a minor from buying prohibited goods or services
• Requiring that the buyer use a non-prepaid credit card to make online purchases
• Shipping the service or product to an individual who is of legal age, and
• Requiring the buyer or recipient to scan, input, display, or provide a government-issued form of identification, as long as the individual or company meets all demands of those laws that govern the retention, use, and revelation of personally identifiable information

Definitions of Government Issued IDs

The definition of government-issued IDs under the Act include the following:

• An identification card, which is issued by a tribal government that is federally recognized
• A valid consular identification document
• A valid military ID card issued by the United States Armed Forces, which includes a picture of the person and date of birth
• A valid passport issued by the American government or a foreign government
• A document issued by a municipal government, agency, or subdivision thereof, a county, a state, or by the federal government that includes but isn't limited to a valid driver's license or identification card

Limits on Data Retention

Compliance with the Act also means following data retention best practices, such as refraining from keeping, using, or disclosing any information or data received from a buyer or recipient when making an effort to verify the buyer's age.

In fact, you can't retain this data for any purposes other than necessary for you to comply with, or when you need to show compliance with, a state or federal court order, California law, or the Act.

Penalties for Non-Compliance with the Parent's Accountability and Child Protection Act

If you are discovered to be non-compliant with the Act, a "public prosecutor" may bring an action to enforce the law. Those found to have violated the Act are subject to a civil penalty, which may reach up to $7,500 for every infringement.

Updates on the Parent's Accountability and Child Protection Act

Assembly Member James Gallagher (R-District 3) introduced an amendment to the Act that specifically dealt with social media applications and websites.

It passed both the State House and Senate, but California's Governor Gavin Newsom vetoed it on September 29, 2020. In his veto message, Governor Newsom stated that "AB 1138 would only create 'unnecessary confusion' given its overlap with federal law."

The federal law Governor Newsom was referencing is the Children's Online Privacy Protection Act (COPPA), which requires online service operators or websites to acquire verifiable guardian or parental consent before collecting any minor's personal information under the age of 13.

AB 1138 would have required an individual or company that does business in California and operates a social media application or media website from permitting a minor, whom the individual or business "actually knows" is under 13-years old, to create an account with the application or website.

The only circumstance wherein the minor could create an account with the social media application or website is when the business or individual acquired consent from the minor's parent or legal guardian.

Rules for Parents and Guardians

Under the amendment, parents and guardians would have been required to:

• Provide verifiable consent per the Children's Online Privacy Protection Act (COPPA)
• Provide a copy of an identification card with a photograph, which the person or company can then compare to another photograph using facial recognition technology
• Answer a series of security challenge questions, which would be knowledge-based. These would be questions designed to be hard for anyone except the legal guardian to answer
• Provide a government-issued identification card, which could be checked against a database with the caveat that the person or business must delete the identification from all records after finishing the verification process
• Connect via video conferencing software to staff who are trained to make sure that the person attempting to authorize the account is the legal guardian of the minor
• Call a toll-free number attended by staff who are trained to make sure that the person attempting to authorize the account is actually the legal guardian of the minor
• Provide online payment system information, credit card, or debit card that would give the parent or guardian notification of every transaction made using the minor's account
• Sign a consent form, which would then be sent to the business or person through electronic scans, United States mail, or by fax

Verifying children's consent can look like this:

Restrictions on Retention of Information

As with the rules governing the Act itself, the social media websites and applications covered under the amendment would have prohibited keeping, using, or disclosing personal information except as needed to show compliance.

Summary

The Parent's Accountability and Child Protection Act was passed to help protect the privacy of minors under the age of 18 and keep products and services deemed illegal for their age group out of their hands.

The Act applies to you and your company if you do business in the State of California and if you sell products and services that are considered illegal when sold to minors.

The Act lists many products and services which you cannot knowingly sell to minors. It also prohibits you and your company from retaining, using, or disclosing minors' personal information.

If you violate the Act and it can be proven that you have done so, you face a fine of up to $7,500 for every infraction.