The Ninth Circuit Court of Appeals has affirmed significant portions of California’s child privacy and online safety laws, signaling a shift in the legal landscape governing digital protections for children. In its March 2026 ruling in NetChoice v. Bonta, the court upheld aspects of the California Age-Appropriate Design Code (CAADC) and clarified key constitutional issues around these laws.
The court rejected NetChoice, a tech industry trade association’s, argument that the law’s focus on businesses “likely to be accessed by children” made the statute content-based and therefore subject to strict First Amendment scrutiny. Instead, the court found this coverage definition relies on audience composition data rather than content, meaning the law is content-neutral and subject to intermediate scrutiny.
Further, the court found no substantial First Amendment violation in the law’s requirement for age estimation. It emphasized that age verification’s purpose—to provide privacy protections rather than restrict access to content—affects constitutional review and noted that businesses may choose not to conduct age estimation but must then apply general data protections for all users.
However, the Ninth Circuit did strike down as unconstitutionally vague certain provisions relating to “data use” defined by “best interests of children” and prohibitions on “material detriment.” The court reasoned that terms like “sleep loss, distraction, or hurt feelings” lack clear definitions, creating ambiguity for businesses trying to comply with the law.
Why it matters
This ruling offers a legal roadmap for lawmakers and advocates promoting child safety online, indicating that thoughtful regulations addressing platform design and data practices can withstand constitutional challenge if carefully drafted. It confirms that laws targeting audiences rather than speech content are less likely to be struck down, and that age estimation tied to privacy protections does not inherently violate free speech rights.
The decision also underscores the importance of clear, precise language in defining harms to children and sets a high bar for facial constitutional challenges, requiring challengers to present detailed factual records.
Background
The CAADC, signed into law in 2023, aims to impose data privacy and design requirements on online platforms likely accessed by minors to protect children from harms such as addictive design features and data misuse. It follows California’s earlier Protecting Our Kids from Social Media Addiction Act (SB 976), which the Ninth Circuit also upheld in 2025 against similar challenges.
The focus on design and data use follows a series of legal actions holding social media companies accountable for harms to minors, including recent verdicts against Meta for negligence in platform design.
Guidance for future child safety laws
The Ninth Circuit’s decision outlines four key principles for future legislation: (1) define covered platforms based on child audience metrics, not content; (2) ensure age estimation methods are privacy-protective and voluntary; (3) distinguish age estimation used for privacy or protective design from content access restrictions; and (4) avoid vague terms like “best interests of children” without clear definitions.
This framework aims to balance protecting children online with preserving constitutional rights, offering lawmakers a clearer path to creating enforceable, durable child safety laws in the digital age.
Sources
This article is based on reporting and publicly available information from the following source:
Read more AI Regulation stories on Goka World News.