California Bill Would Bar Children Under 16 From Social Media, Require State Age Verification

California lawmakers are moving quickly on a bill that would bar children under 16 from having social media accounts and require platforms to check users’ ages through the state’s existing age-assurance system. Assembly Bill 1709, introduced by Assemblymember Josh Lowenthal on Feb. 4 and amended Thursday, is now headed through the Appropriations Committee before a full Assembly floor vote.

The Electronic Frontier Foundation, the digital rights advocacy group, urged opposition in an April 24 Deeplinks post by legislative activist Molly Buckley, arguing the measure threatens privacy and free expression. But while the bill does require age verification, the statutory text does not explicitly say all Californians must upload government identification or biometric scans. Instead, the proposal ties verification to California’s Digital Age Assurance Act, a separate law enacted last year.

Under the amended bill, “A covered platform shall not permit a user who is under 16 years of age to create or maintain an account on the covered platform.” It also says platforms must take reasonable measures to stop users under 16 from accessing or using accounts, verify users’ ages under the state framework, and delete accounts held by users under 16 along with associated personal information. The bill further limits what companies can do with age-assurance data, saying it may be used only to determine age eligibility, retained only for the minimum time necessary and not used for advertising, profiling or algorithmic recommendations. A.B. 1709 would also create an e-Safety Advisory Commission within the California Department of Justice to advise the attorney general on online safety, and it authorizes the attorney general to write implementing rules and, if needed, adjust the scope of a “covered platform” by regulation.

The enforcement stakes are significant. In the April 23 amended text, knowing violations could bring civil penalties of up to $50,000 per affected minor, while negligent violations could draw up to $25,000 per affected minor. Cases could be brought by the California attorney general or a local public prosecutor. The bill passed the Assembly Privacy and Consumer Protection Committee on April 16 by a 13-1 vote, then cleared the Assembly Judiciary Committee on April 21 by a 10-0 vote with amendments and a referral to Appropriations.

A key provision directs platforms to use the state’s preexisting age-assurance law rather than spelling out a separate identification system. A.B. 1709 says, “A covered platform shall verify the age of a user pursuant to the Digital Age Assurance Act (Title 1.81.9 (commencing with Section 1798.500) of Part 4 of Division 3 of the Civil Code) subject to any regulation adopted by the Attorney General pursuant to Section 22686.”

That matters because the Digital Age Assurance Act, A.B. 1043, takes effect Jan. 1, 2027, and is built around age brackets rather than requiring apps to receive a user’s exact date of birth. The law requires operating system providers to set up a tool during account creation that asks for the user’s birth date, age or both and then sends apps a non-identifying age signal. As the law states, providers must “Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.” Those brackets are under 13, ages 13 to 15, ages 16 to 17, and 18 and older. A.B. 1043 also says it does not require collecting additional personal information beyond what is necessary for compliance.

That does not settle the broader debate. Similar state laws restricting minors’ access to social media or imposing age checks have faced constitutional challenges, often on First Amendment grounds, and some have been blocked in whole or in part. Privacy advocates also point to past breaches involving identity-verification systems and apps, including the AU10TIX exposure highlighted by EFF in 2024 and the Tea app breach reported in 2025, as evidence that age-check systems can create security risks even when lawmakers try to limit data collection.