AMENDED IN SENATE AUGUST 22, 2022

AMENDED IN SENATE AUGUST 11, 2022

AMENDED IN SENATE JUNE 30, 2022
AMENDED IN ASSEMBLY APRIL 26, 2022
california legislature—2021–22 regular session

ASSEMBLY BILL No. 2273

Introduced by Assembly Members Wicks, Cunningham, and

Petrie-Norris
(Coauthors: Senators Allen, Newman, and Stern)

February 16, 2022

An act to add Title 1.81.46 1.81.47 (commencing with Section

1798.99.28) to Part 4 of Division 3 of of, and to repeal Section
1798.99.32 of, the Civil Code, relating to consumer privacy.

legislative counsel’s digest

AB 2273, as amended, Wicks. The California Age-Appropriate
Design Code Act.
(1)  Existing law, the California Privacy Rights Act of 2020, approved
by the voters as Proposition 24 at the November 3, 2020, statewide
general election, establishes the California Privacy Protection Agency.
Existing law vests the agency with full administrative power, authority,
and jurisdiction to implement and enforce the California Consumer
Privacy Act of 2018 and requires the agency to be governed by a board.
Existing law requires businesses to protect consumer privacy and
information, make certain disclosures to consumers regarding a
consumer’s rights under the act in a specified manner, and disclose to
consumers that a consumer has the right to request specific pieces of

95
AB 2273 —2—

information, including the categories of information those businesses

have collected about that consumer.
Existing law, the Parent’s Accountability and Child Protection Act,
requires a person or business that conducts business in California and
that seeks to sell specified products or services to take reasonable steps
to ensure that the purchaser is of legal age at the time of purchase or
delivery, including verifying the age of the purchaser. Existing law
prohibits a person or business that is required to comply with these
provisions from retaining, using, or disclosing any information it
receives in an effort to verify age from a purchaser or recipient for any
other purpose, except as specified, and subjects a business or person
that violates these provisions to a civil penalty.
This bill would enact the California Age-Appropriate Design Code
Act, which, commencing July 1, 2024, would, among other things,
require a business that provides an online service, product, or feature
likely to be accessed by children to comply with specified requirements,
including configuring a requirement to configure all default privacy
settings offered by the online service, product, or feature to the settings
that offer a high level of privacy, unless the business can demonstrate
a compelling reason that a different setting is in the best interests of
children, and providing to provide privacy information, terms of service,
policies, and community standards concisely, prominently, and using
clear language suited to the age of children likely to access that online
service, product, or feature. The bill would require a business, before
any new online services, products, or features are offered to the public,
to complete a Data Protection Impact Assessment, as defined, for any
online service, product, or feature likely to be accessed by children and
maintain documentation of this assessment as long as the online service,
product, or feature is likely to be accessed by children. The bill would
require a business to make a Data Protection Impact Assessment
available, within 5 business days, to the Attorney General pursuant to
a written request and would exempt a Data Protection Impact
Assessment from public disclose, disclosure, as prescribed. The bill
would prohibit a business that provides an online service, product, or
feature likely to be accessed by children from taking proscribed action,
including, if the end user is a child, using personal information for any
reason other than a reason for which the personal information was
collected, unless the business can demonstrate a compelling reason that
use of the personal information is in the best interests of children.

95
 —3— AB 2273

This bill would create the California Children’s Data Protection

Working Group to deliver a report to the Legislature regarding best
practices for the implementation of these provisions, as specified. The
bill would require the members of the working group to have certain
expertise, including in the areas of children’s data privacy and children’s
rights. The bill would require the working group to take input from a
broad range of stakeholders, including from academia, consumer
advocacy groups, and small, medium, and large businesses affected by
data privacy policies policies, and make prescribed recommendations
on best practices, including identifying online services, products, or
features likely to be accessed by children.
This bill would authorize the Attorney General to seek an injunction
or civil penalty against any business that violates it provisions. The bill
would hold violators liable for a civil penalty of not more than $2,500
per affected child for each negligent violation or not more than $7,500
per affected child for each intentional violation. The bill would require
any penalties, fees, and expenses recovered in an action brought under
the act to be deposited in the Consumer Privacy Fund with the intent
that they be used to fully offset costs incurred by the Attorney General
in connection with the act.
(2)  The California Privacy Rights Act of 2020 authorizes the
Legislature to amend the act to further the purposes and intent of the
act by a majority vote of both houses of the Legislature, as specified.
This bill would declare that its provisions further the purposes and
intent of the California Privacy Rights Act of 2020.
(3)  Existing constitutional provisions require that a statute that limits
the right of access to the meetings of public bodies or the writings of
public officials and agencies be adopted with findings demonstrating
the interest protected by the limitation and the need for protecting that
interest.
This bill would make legislative findings to that effect.
Vote: majority. Appropriation: no. Fiscal committee: yes.​
State-mandated local program: no.​

The people of the State of California do enact as follows:

line 1 SECTION 1. (a)  The Legislature hereby finds and declares

line 2 all of the following:

95
 AB 2273 —4—

line 1 (1)  The United Nations Convention on the Rights of the Child

line 2 recognizes that children need special safeguards and care in all
line 3 aspects of their lives.
line 4 (2)  As children spend more of their time interacting with the
line 5 online world, the impact of the design of online products and
line 6 services on children’s well-being has become a focus of significant
line 7 concern.
line 8 (3)  There is bipartisan agreement at the international level, in
line 9 both the United States and in the State of California, that more
line 10 needs to be done to create a safer online space for children to learn,
line 11 explore, and play.
line 12 (4)  Lawmakers around the globe have taken steps to enhance
line 13 privacy protections for children on the understanding that, in
line 14 relation to data protection, greater privacy necessarily means
line 15 greater security and well-being.
line 16 (5)  Children should be afforded protections not only by online
line 17 products and services specifically directed at them, but by all online
line 18 products and services they are likely to access. In order to help
line 19 support the design of online products, services, and features,
line 20 businesses should take into account the unique needs of different
line 21 age ranges, including the following developmental stages: 0 to 5
line 22 years of age or “preliterate and early literacy”; 6 to 9 years of age
line 23 or “core primary school years”; 10 to 12 years of age or “transition
line 24 years”; 13 to 15 years of age or “early teens”; and 16 to 17 years
line 25 of age or “approaching adulthood”. adulthood.”
line 26 (6)  In 2019, 81 percent of voters said they wanted to prohibit
line 27 companies from collecting personal information about children
line 28 without parental consent, and a 2018 poll of Californian parents
line 29 and teens found that only 36 percent of teenagers and 32 percent
line 30 of parents say that social networking internet websites do a good
line 31 job explaining what they do with users’ data.
line 32 (7)  While it is clear that the same data protection regime may
line 33 not be appropriate for children of all ages, children of all ages
line 34 should nonetheless be afforded privacy and protection, and online
line 35 products and services should adopt data protection regimes
line 36 appropriate for children of the ages likely to access those products
line 37 and services.
line 38 (8)  Online services, products, or features that are likely to be
line 39 accessed by children should offer strong privacy protections by
line 40 design and by default, including by disabling features that profile

95
 —5— AB 2273

line 1 children using their previous behavior, browsing history, or

line 2 assumptions of their similarity to other children, to offer
line 3 detrimental material.
line 4 (9)  Ensuring robust privacy protections for children by design
line 5 is consistent with the intent of the Legislature in passing the
line 6 California Consumer Privacy Act of 2018, and with the intent of
line 7 the people of the State of California in passing the California
line 8 Privacy Rights Act of 2020, which finds and declares that children
line 9 are particularly vulnerable from a negotiating perspective with
line 10 respect to their privacy rights.
line 11 (10)  The California Privacy Protection Agency, created by the
line 12 California Privacy Rights Act of 2020, has substantial and growing
line 13 expertise that is integral to the development of privacy policy in
line 14 California.
line 15 (b)  Therefore, it is the intent of the Legislature to promote
line 16 privacy protections for children pursuant to the California
line 17 Age-Appropriate Design Code Act.
line 18 (c)  It is the intent of the Legislature that the California
line 19 Age-Appropriate Design Code promote innovation by businesses
line 20 whose online products, services, or features are likely to be
line 21 accessed by children by ensuring that those online products,
line 22 services, or features are designed in a manner that recognizes the
line 23 distinct needs of children at different age ranges.
line 24 (d)  It is the intent of the Legislature that businesses covered by
line 25 the California Age-Appropriate Design Code may look to guidance
line 26 and innovation in response to the Age-Appropriate Design Code
line 27 established in the United Kingdom when developing online
line 28 services, products, or features likely to be accessed by children.
line 29 (e)  It is the intent of the Legislature that the California
line 30 Children’s Data Protection Working Group consider the guidance
line 31 provided by the Information Commissioner’s Office in the United
line 32 Kingdom when developing and reviewing best practices or other
line 33 recommendations related to the California Age-Appropriate Design
line 34 Code.
line 35 (f)  It is the intent of the Legislature that the California Children’s
line 36 Data Protection Working Group and the Department of Justice
line 37 leverage the substantial and growing expertise of the California
line 38 Privacy Protection Agency in the implementation of this title.
line 39 SEC. 2. Title 1.81.46 (commencing with Section 1798.99.28)
line 40 is added to Part 4 of Division 3 of the Civil Code, to read:

95
 AB 2273 —6—

line 1 SEC. 2. Title 1.81.47 (commencing with Section 1798.99.28)

line 2 is added to Part 4 of Division 3 of the Civil Code, to read:
line 3
line 4 TITLE 1.81.46. 1.81.47. THE CALIFORNIA
line 5 AGE-APPROPRIATE DESIGN CODE ACT
line 6
line 7 1798.99.28. This title shall be known, and may be cited, as the
line 8 California Age-Appropriate Design Code Act.
line 9 1798.99.29. The Legislature declares that children should be
line 10 afforded protections not only by online products and services
line 11 specifically directed at them but by all online products and services
line 12 they are likely to access and makes the following findings:
line 13 (a)  Businesses that develop and provide online services,
line 14 products, or features that children are likely to access should
line 15 consider the best interests of children when designing, developing,
line 16 and providing that online service, product, or feature.
line 17 (b)  If a conflict arises between commercial interests and the
line 18 best interests of children, companies should prioritize the privacy,
line 19 safety, and well-being of children over commercial interests.
line 20 1798.99.30. (a)  For purposes of this title, the definitions in
line 21 Section 1798.140 shall apply unless otherwise specified in this
line 22 title.
line 23 (b)  For the purposes of this title:
line 24 (1)  “Child” or “children,” unless otherwise specified, means a
line 25 consumer or consumers who is are under 18 years of age.
line 26 (2)  “Data Protection Impact Assessment” means a systematic
line 27 survey to assess and mitigate risks that arise from the data
line 28 management practices of the business to children who are
line 29 reasonably likely to access the online service, product, or feature
line 30 at issue that arises from the provision of that online service,
line 31 product, or feature.
line 32 (3)  “Default” means a preselected option adopted by the business
line 33 for the online service, product, or feature.
line 34 (4)  “Likely to be accessed by children” means it is reasonable
line 35 to expect, based on any of the following factors, indicators, that
line 36 the online service, product, or feature would be accessed by
line 37 children:
line 38 (A)  The online service, product, or feature is directed to children
line 39 as defined by the Children’s Online Privacy Protection Act (15
line 40 U.S.C. Sec. 6501 et seq.).

95
 —7— AB 2273

line 1 (B)  The online service, product, or feature is determined, based

line 2 on competent and reliable evidence regarding audience
line 3 composition, to be routinely accessed by a significant number of
line 4 children.
line 5 (C)  An online service, product, or feature with advertisements
line 6 marketed to children.
line 7 (D)  An online service, product, or feature that is substantially
line 8 similar or the same as an online service, product, or feature subject
line 9 to subparagraph (B).
line 10 (E)  An online service, product, or feature that has design
line 11 elements that are known to be of interest to children, including,
line 12 but not limited to, games, cartoons, music, and celebrities who
line 13 appeal to children.
line 14 (F)  A significant amount of the audience of the online service,
line 15 product, or feature is determined, based on internal company
line 16 research, to be children.
line 17 (5)  “Online service, product, or feature” does not mean any of
line 18 the following:
line 19 (A)  A broadband internet access service, as defined in Section
line 20 3100.
line 21 (B)  A telecommunications service, as defined in Section 153 of
line 22 Title 47 of the United States Code.
line 23 (C)  The delivery or use of a physical product.
line 24 (5)
line 25 (6)  “Profiling” means any form of automated processing of
line 26 personal information that uses personal information to evaluate
line 27 certain aspects relating to a natural person, including analyzing or
line 28 predicting aspects concerning a natural person’s performance at
line 29 work, economic situation, health, personal preferences, interests,
line 30 reliability, behavior, location, or movements.
line 31 1798.99.31. (a)  A business that provides an online service,
line 32 product, or feature likely to be accessed by children shall take all
line 33 of the following actions:
line 34 (1)  (A)  Before any new online services, products, or features
line 35 are offered to the public, complete a Data Protection Impact
line 36 Assessment for any online service, product, or feature likely to be
line 37 accessed by children and maintain documentation of this
line 38 assessment as long as the online service, product, or feature is
line 39 likely to be accessed by children. A business shall biennially review
line 40 all Data Protection Impact Assessments.

95
 AB 2273 —8—

line 1 (B)  The Data Protection Impact Assessment required by this

line 2 paragraph shall identify the purpose of the online service, product,
line 3 or feature, how it uses children’s personal information, and the
line 4 risks of material detriment to children that arise from the data
line 5 management practices of the business. The Data Protection Impact
line 6 Assessment shall address, to the extent applicable, all of the
line 7 following:
line 8 (i)  Whether the design of the online product, service, or feature
line 9 could harm children, including by exposing children to harmful,
line 10 or potentially harmful, content on the online product, service, or
line 11 feature.
line 12 (ii)  Whether the design of the online product, service, or feature
line 13 could lead to children experiencing or being targeted by harmful,
line 14 or potentially harmful, contacts on the online product, service, or
line 15 feature.
line 16 (iii)  Whether the design of the online product, service, or feature
line 17 could permit children to witness, participate in, or be subject to
line 18 harmful, or potentially harmful, conduct on the online product,
line 19 service, or feature.
line 20 (iv)  Whether the design of the online product, service, or feature
line 21 could allow children to be party to or exploited by a harmful, or
line 22 potentially harmful, contact on the online product, service, or
line 23 feature.
line 24 (v)  Whether algorithms used by the online product, service, or
line 25 feature could harm children.
line 26 (vi)  Whether targeted advertising systems used by the online
line 27 product, service, or feature could harm children.
line 28 (vii)  Whether and how the online product, service, or feature
line 29 uses system design features to increase, sustain, or extend use of
line 30 the online product, service, or feature by children, including the
line 31 automatic playing of media, rewards for time spent, and
line 32 notifications.
line 33 (viii)  Whether, how, and for what purpose the online product,
line 34 service, or feature collects or processes sensitive personal
line 35 information of children.
line 36 (2)  Document any risk of material detriment to children that
line 37 arises from the data management practices of the business
line 38 identified in the Data Protection Impact Assessment required by
line 39 paragraph (1) and create a timed plan to mitigate or eliminate the

95
 —9— AB 2273

line 1 risk before the online service, product, or feature is accessed by

line 2 children.
line 3 (3)  Within 48 hours three business days of a written request by
line 4 the Attorney General, provide to the Attorney General a list of all
line 5 Data Protection Impact Assessments the business has completed.
line 6 (4)  (A)  For any Data Protection Impact Assessment completed
line 7 pursuant to paragraph (1), make the Data Protection Impact
line 8 Assessment available, within five business days, to the Attorney
line 9 General pursuant to a written request.
line 10 (B)  Notwithstanding any other law, a Data Protection Impact
line 11 Assessment is protected as confidential and shall be exempt from
line 12 public disclosure, including under the California Public Records
line 13 Act (Chapter 3.5 (commencing with Section 6250) of Division 7
line 14 of Title 1 of the Government Code).
line 15 (C)  To the extent any information contained in a Data Protection
line 16 Impact Assessment disclosed to the Attorney General includes
line 17 information subject to attorney-client privilege or work product
line 18 protection, disclosure pursuant to this paragraph shall not constitute
line 19 a waiver of that privilege or protection.
line 20 (5)  Estimate the age of child users with a reasonable level of
line 21 certainty appropriate to the risks that arise from the data
line 22 management practices of the business or apply the privacy and
line 23 data protections afforded to children to all consumers.
line 24 (6)  Configure all default privacy settings provided to children
line 25 by the online service, product, or feature to settings that offer a
line 26 high level of privacy, unless the business can demonstrate a
line 27 compelling reason that a different setting is in the best interests of
line 28 children.
line 29 (7)  Provide any privacy information, terms of service, policies,
line 30 and community standards concisely, prominently, and using clear
line 31 language suited to the age of children likely to access that online
line 32 service, product, or feature.
line 33 (8)  If the online service, product, or feature allows the child’s
line 34 parent, guardian, or any other consumer to monitor the child’s
line 35 online activity or track the child’s location, provide an obvious
line 36 signal to the child when the child is being monitored or tracked.
line 37 (9)  Enforce published terms, policies, and community standards
line 38 established by the business, including, but not limited to, privacy
line 39 policies and those concerning children.

95
 AB 2273 — 10 —

line 1 (10)  Provide prominent, accessible, and responsive tools to help

line 2 children, or if applicable their parents or guardians, exercise their
line 3 privacy rights and report concerns.
line 4 (b)  A business that provides an online service, product, or feature
line 5 likely to be accessed by children shall not take any of the following
line 6 actions:
line 7 (1)  Use the personal information of any child in a way that the
line 8 business knows, or has reason to know, is materially detrimental
line 9 to the physical health, mental health, or well-being of a child.
line 10 (2)  Profile a child by default unless both of the following criteria
line 11 are met:
line 12 (A)  The business can demonstrate it has appropriate safeguards
line 13 in place to protect children.
line 14 (B)  Either of the following is true:
line 15 (i)  Profiling is necessary to provide the online service, product,
line 16 or feature requested and only with respect to the aspects of the
line 17 online service, product, or feature with which the child is actively
line 18 and knowingly engaged.
line 19 (ii)  The business can demonstrate a compelling reason that
line 20 profiling is in the best interests of children.
line 21 (3)  Collect, sell, share, or retain any personal information that
line 22 is not necessary to provide an online service, product, or feature
line 23 with which a child is actively and knowingly engaged, or as
line 24 described in paragraphs (1) to (4), inclusive, of subdivision (a) of
line 25 Section 1798.145, unless the business can demonstrate a
line 26 compelling reason that the collecting, selling, sharing, or retaining
line 27 of the personal information is in the best interests of children likely
line 28 to access the online service, product, or feature.
line 29 (4)  If the end user is a child, use personal information for any
line 30 reason other than a reason for which that personal information was
line 31 collected, unless the business can demonstrate a compelling reason
line 32 that use of the personal information is in the best interests of
line 33 children.
line 34 (5)  Collect, sell, or share any precise geolocation information
line 35 of children by default unless the collection of that precise
line 36 geolocation information is strictly necessary for the business to
line 37 provide the service, product, or feature requested and then only
line 38 for the limited time that the collection of precise geolocation
line 39 information is necessary to provide the service, product, or feature.

95
 — 11 — AB 2273

line 1 (6)  Collect any precise geolocation information of a child

line 2 without providing an obvious sign to the child for the duration of
line 3 that collection that precise geolocation information is being
line 4 collected.
line 5 (7)  Use dark patterns to lead or encourage children to provide
line 6 personal information beyond what is reasonably expected to
line 7 provide that online service, product, or feature to forego privacy
line 8 protections, or to take any action that the business knows, or has
line 9 reason to know, is materially detrimental to the child’s physical
line 10 health, mental health, or well-being.
line 11 (8)  Use any personal information collected to estimate age or
line 12 age range for any other purpose or retain that personal information
line 13 longer than necessary to estimate age. Age assurance shall be
line 14 proportionate to the risks and data practice of an online service,
line 15 product, or feature.
line 16 (c)  (1)  A Data Protection Impact Assessment conducted by a
line 17 business for the purpose of compliance with any other law complies
line 18 with this section if the Data Protection Impact Assessment meets
line 19 the requirements of this title.
line 20 (2)  A single data protection impact assessment may contain
line 21 multiple similar processing operations that present similar risks
line 22 only if each relevant online service, product, or feature is
line 23 addressed.
line 24 (d)  This section shall become operative on July 1, 2024.
line 25 1798.99.32. (a)  The California Children’s Data Protection
line 26 Working Group is hereby created to deliver a report to the
line 27 Legislature, pursuant to subdivision (e), regarding best practices
line 28 for the implementation of this title.
line 29 (b)  Working Group members shall consist of Californians with
line 30 expertise in at least two of the following areas:
line 31 (1)  Children’s data privacy.
line 32 (2)  Physical health.
line 33 (3)  Mental health and well-being.
line 34 (4)  Computer science.
line 35 (5)  Children’s rights.
line 36 (c)  The working group shall select a chair and a vice chair from
line 37 among its members and shall consist of the following 10 members:
line 38 (1)  Two appointees by the Governor.
line 39 (2)  Two appointees by the President Pro Tempore of the Senate.
line 40 (3)  Two appointees by the Speaker of the Assembly.

95
 AB 2273 — 12 —

line 1 (4)  Two appointees by the Attorney General.

line 2 (5)  Two appointees by the California Privacy Protection Agency.
line 3 (d)  The working group shall take input from a broad range of
line 4 stakeholders, including from academia, consumer advocacy groups,
line 5 and small, medium, and large businesses affected by data privacy
line 6 policies and shall make recommendations to the Legislature on
line 7 best practices regarding, at minimum, all of the following:
line 8 (1)  Identifying online services, products, or features likely to
line 9 be accessed by children.
line 10 (2)  Evaluating and prioritizing the best interests of children with
line 11 respect to their privacy, physical health, and mental health and
line 12 well-being and evaluating how those interests may be furthered
line 13 by the design, development, and implementation of an online
line 14 service, product, or feature.
line 15 (3)  Ensuring that age assurance methods used by businesses
line 16 that provide online services, products, or features likely to be
line 17 accessed by children are proportionate to the risks that arise from
line 18 the data management practices of the business, privacy protective,
line 19 and minimally invasive.
line 20 (4)  Assessing and mitigating risks to children that arise from
line 21 the use of an online service, product, or feature.
line 22 (5)  Publishing privacy information, policies, and standards in
line 23 concise, clear language suited for the age of children likely to
line 24 access an online service, product, or feature.
line 25 (6)  How the working group and the Department of Justice may
line 26 leverage the substantial and growing expertise of the California
line 27 Privacy Protection Agency in the long-term development of data
line 28 privacy policies that affect the privacy, rights, and safety of
line 29 children online.
line 30 (e)  On or before January 1, 2024, and every two years thereafter,
line 31 the working group shall submit, pursuant to Section 9795 of the
line 32 Government Code, a report to the Legislature regarding the
line 33 recommendations described in subdivision (d).
line 34 (f)  The members of the working group shall serve without
line 35 compensation but shall be reimbursed for all necessary expenses
line 36 actually incurred in the performance of their duties.
line 37 (g)  This section shall remain in effect until January 1, 2030, and
line 38 as of that date is repealed.
line 39 1798.99.33. (a)  A business shall complete a Data Protection
line 40 Impact Assessment on or before July 1, 2024, for any online

95
 — 13 — AB 2273

line 1 service, product, or feature likely to be accessed by children offered

line 2 to the public before July 1, 2024.
line 3 (b)  This section does not apply to an online service, product, or
line 4 feature that is not offered to the public on or after July 1, 2024.
line 5 1798.99.35. (a)  Any business that violates this title shall be
line 6 subject to an injunction and liable for a civil penalty of not more
line 7 than two thousand five hundred dollars ($2,500) per affected child
line 8 for each negligent violation or not more than seven thousand five
line 9 hundred dollars ($7,500) per affected child for each intentional
line 10 violation, which shall be assessed and recovered only in a civil
line 11 action brought in the name of the people of the State of California
line 12 by the Attorney General.
line 13 (b)  Any penalties, fees, and expenses recovered in an action
line 14 brought under this title shall be deposited in the Consumer Privacy
line 15 Fund, created within the General Fund pursuant to subdivision (a)
line 16 of Section 1798.160, with the intent that they be used to fully offset
line 17 costs incurred by the Attorney General in connection with this
line 18 title.
line 19 (c)  (1)  If a business is in substantial compliance with the
line 20 requirements of paragraphs (1) through (4), inclusive, of
line 21 subdivision (a) of Section 1798.99.31, the Attorney General shall
line 22 provide written notice to the business, before initiating an action
line 23 under this title, identifying the specific provisions of this title that
line 24 the Attorney General alleges have been or are being violated.
line 25 (2)  If, within 45 90 days of the notice required by this
line 26 subdivision, the business actually cures any noticed violation and
line 27 provides the Attorney General a written statement that the alleged
line 28 violations have been cured and that such further violations shall
line 29 not occur, the Attorney General shall not bring a civil action against
line 30 the business cured, and sufficient measures have been taken to
line 31 prevent future violations, the business shall not be liable for a civil
line 32 penalty for any violation cured pursuant to this subdivision.
line 33 (d)  Nothing in this title shall be interpreted to serve as the basis
line 34 for a private right of action under this title or any other law.
line 35 (e)  The Attorney General may solicit broad public participation
line 36 and adopt regulations to clarify the requirements of this title.
line 37 1798.99.40. This title does not apply to the information or
line 38 entities described in subdivision (c) of Section 1798.145.

95
 AB 2273 — 14 —

line 1 SEC. 3. The Legislature finds and declares that this act furthers
line 2 the purposes and intent of the California Privacy Rights Act of
line 3 2020.
line 4 SEC. 4. The Legislature finds and declares that Section 2 of
line 5 this act, which adds Title 1.81.46 (commencing with Section
line 6 1798.99.28) to Part 4 of Division 3 of the Civil Code, imposes a
line 7 limitation on the public’s right of access to the meetings of public
line 8 bodies or the writings of public officials and agencies within the
line 9 meaning of Section 3 of Article I of the California Constitution.
line 10 Pursuant to that constitutional provision, the Legislature makes
line 11 the following findings to demonstrate the interest protected by this
line 12 limitation and the need for protecting that interest:
line 13 The limitation is needed to encourage businesses, by protecting
line 14 their proprietary interests, to mitigate risks to children online.

95