The Vermont Age-Appropriate Design Code Act: What You Need to Know

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLP

 

Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney General’s Office may draft regulations.

What are we discussing with clients?

  • Note what is NOT publicly available data. That might impact interpretation of other laws with this term.
  • Note what IS “reasonably likely to be accessed by minors” for the same reason. It is a very broad term here.
  • The duty of care is vague (result based) and thus a tall order to follow.
  • Note the legal obligation to have terms of use and community standards (a first?).
  • Note the very extensive transparency obligations. This is a privacy notice PLUS PLUS, with detail and retention terms for every feature and information on the algorithms.

In more detail

It applies if you:

  • Conduct business in Vermont.
  • Generate a majority of your annual revenue from online services.
  • Are reasonably likely to be accessed by a minor.
  • Determine the purpose and means of processing of personal data.

The law includes a lot of unique carve outs from “publicly available information,” so the following is still personal data:

  • Biometric data collected without knowledge.
  • Information that is collated and combined to create a consumer profile.
  • Information that is made available for sale.
  • Genetic data.

Is the data “reasonably likely to be accessed by minors?” Consider:

  • Directed at children under COPPA.
  • The service or product is determined, based on either (1) competent and reliable evidence regarding audience composition, or on (2) internal company research or (3) knew or should have known audience to be routinely accessed by an audience that is composed of at least TWO PERCENT minors.
  • Data minimization: Only collect/retain/share data that is necessary to provide the service/feature with which the covered minor is actively and knowingly engaged with additional limitation on algorithmic recommendations.

Minimum duty of care

The use of the personal data and the design of an online service, product, or feature or the content of the media viewed will not result in:

  • Reasonably foreseeable emotional distress to a covered minor.
  • Reasonably foreseeable compulsive use of the online service, product, or feature by a covered minor.
  • Discrimination against a covered minor.
  • Default settings set to highest levels of privacy which includes blocking known adult users from seeing the minor’s account or specific content or commenting or direct messaging and not displaying the covered minor’s location to other users.

Provide transparency which includes:

  • Terms of use, privacy notice and community standards.
  • Detailed disclosure per feature, including data retention.
  • Purpose of each algorithmic recommendation system.
  • Inputs used by the algorithmic recommendation system and how they are used, influence recommendations.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Fox Rothschild LLP

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide