BILL ANALYSIS ��
-----------------------------------------------------------------
|SENATE RULES COMMITTEE | SB 501|
|Office of Senate Floor Analyses | |
|1020 N Street, Suite 524 | |
|(916) 651-1520 Fax: (916) | |
|327-4478 | |
-----------------------------------------------------------------
THIRD READING
Bill No: SB 501
Author: Corbett (D)
Amended: 4/30/13
Vote: 21
SENATE JUDICIARY COMMITTEE : 5-1, 4/23/13
AYES: Evans, Corbett, Jackson, Leno, Monning
NOES: Anderson
NO VOTE RECORDED: Walters
SUBJECT : Social networking Internet Web sites: privacy:
minors
SOURCE : Author
DIGEST : This bill requires a social networking Internet Web
site, as defined, to remove the personal identifying
information, as defined, of any registered user, as defined,
within 96 hours after his/her request and also requires removal
of that information in that same manner regarding a user under
18 years of age upon request by the user's parent or legal
guardian. The bill imposes a civil penalty, not to exceed
$10,000, for each willful and knowing violation of these
provisions.
ANALYSIS :
Existing law:
1.Existing federal law makes it unlawful for an operator of an
CONTINUED
�
SB 501
Page
2
Internet Web site or online service directed to children under
the age of 13 to collect personal information from a child,
including a child's first and last name, home or other
physical address including street name and name of a city or
town, e-mail address, telephone number, or social security
number. (Child Online Privacy Protection Act, 15 U.S.C. Sec.
6501 et. seq.)
2.Existing case law permits a person to bring an action in tort
for an invasion of privacy and provides that in order to state
a claim for violation of the constitutional right to privacy,
a plaintiff must establish the following three elements: (1) a
legally protected privacy interest; (2) a reasonable
expectation of privacy in the circumstances; and (3) conduct
by the defendant that constitutes a serious invasion of
privacy. (Hill v. National Collegiate Athletic Assn. (1994) 7
Cal.4th 1.) Existing law recognizes four types of activities
considered to be an invasion of privacy giving rise to civil
liability, including the public disclosure of private facts.
3.Existing case law provides that there is no reasonable
expectation of privacy in information posted on an Internet
Web site. The information is no longer a "private fact" that
can be protected from public disclosure. (Moreno v. Hanford
Sentinel (2009) 172 Cal.App.4th 1125.)
4.Provides that, among other rights, all people have an
inalienable right to pursue and obtain privacy. (Cal. Const.,
art. I, Sec. 1.)
5.Requires an operator of a commercial Internet Web site or
online service that collects personally identifiable
information through the Internet about individual consumers
residing in California who use or visit its Internet Web site
to conspicuously post its privacy policy. (Online Privacy
Protection Act of 2003, Bus & Prof Code Sec. 22575.)
This bill:
1.Requires a social networking Internet Web site to remove
personal identifying information of a registered user, upon
request, within 96 hours of delivery of the request.
2.Permits a parent or legal guardian of a registered user who
CONTINUED
�
SB 501
Page
3
identifies himself/herself as being under 18 years of age to
require a social networking Internet Web site to remove their
minor child's personal identifying information.
3.Provides that a social networking Internet Web site that
willfully and knowingly violates the above prohibition is
liable for a civil penalty of up to $10,000 for each
violation.
4.Defines "social networking Internet Web site" as an Internet
Web-based service that allows an individual to construct a
public or partly public profile within a bounded system,
articulate a list of other users with whom the individual
shares a connection, and view and traverse his/her list of
connections and those made by others in the system.
5.Defines "personally identifying information" as a person's
address, telephone number, driver's license number, state
identification card number, social security number, employee
identification number, mother's maiden name, demand deposit
account number, savings account number, or credit card number.
6.Defines "registered user" as any person who has created an
account for purposes of accessing a social networking Internet
Web site.
7.Allows site operators to require an affirmation from persons
requesting the removal that states that the requester has the
authority to submit such a request.
Background
Social networking Internet Web sites such as MySpace and
Facebook have grown in use and become more popular with users
who post messages and photos on a personal web page. Those
personal pages, generated by the social networking Internet Web
site, may also display the user's address, phone number, birth
date, or other personal identifying information. That
information may then be displayed to the user's friends or to
the general public. Although users may limit who may see their
personal information, many users, including those under the age
of 18, often share that information with their "friends." The
list of "friends" for those users may include people who they do
not personally know, resulting in the sharing of personal
CONTINUED
�
SB 501
Page
4
identifying information with unknown persons.
Children under the age of 18 are among the most avid users of
social networking Internet Web sites. A report by the Pew
Foundation entitled Social Media & Mobile Internet Use Among
Teens and Young Adults (February, 2010) found that 93% of
American teens between the ages of 12 and 17 are online, and
that 73% of these teens use social networking sites. A 2005
survey by the Polly Klaas Foundation found that 42% of online
teens post information about themselves on the Internet so
others can contact them, and 56% have been asked personal
questions online. (Polly Klass Foundation, Omnibuzz Research
Poll Results, as of April 20, 2013). Additionally, 10% of
children aged 8-12 surveyed said they communicate online with
people they don't know.
Many research organizations have found that the sharing of
personal identifying information through social networking
Internet Web sites poses a significant threat to personal
privacy. A 2010 Consumer Reports survey found that many social
network users are naive about risks. 40% had posted their full
birth date, exposing them to identity theft. 26% of Facebook
users with children had potentially exposed them to predators by
posting the children's photos and names. And in 1 of 4
households with a Facebook account, users weren't aware of or
didn't choose to use the service's privacy controls. (Consumer
Reports, Social insecurity: What millions of online users don't
know can hurt them, as of April 20, 2013.)
According to the American Academy of Pediatrics (AAP), "[t]he
main risk to preadolescents and adolescents online today are
risks from each other, risks of improper use of technology, lack
of privacy, sharing too much information, or posting false
information about themselves or others." (AAP, The Impact of
Social Media on Children, Adolescents, and Families, as of April
20, 2013.) "These types of behavior," according to the AAP,
"put [minors'] privacy at risk."
Prior Legislation
ACR 106 (Nava, 2008), would have urged user-generated content
Internet Web sites to work with the Safety Technical Task Force
and law enforcement to reduce the use of those Internet Web
sites for purposes of criminal behavior. This resolution died
CONTINUED
�
SB 501
Page
5
on the Assembly Floor.
SB 632 (Davis, 2009), would have required a social networking
Internet Web site to provide a disclosure to users that an image
which is uploaded onto the Internet Web site is capable of being
copied, without consent, by persons who view the image, or
copied in violation of the privacy policy, terms of use, or
other policy of the site. This bill was vetoed.
SB 1361 (Corbett, 2010), would have prohibited a social
networking Internet Web site, as defined, from displaying, to
the public or other registered users, the home address or
telephone number of a registered user of that Internet Web site
who is under 18 years of age, as provided. This bill failed
passage in the Assembly Arts, Entertainment, Sports, Tourism,
and Internet Media Committee.
SB 242 (Corbett, 2011), would have prohibited a social
networking Internet Web site from displaying the home address or
telephone number, in specified text fields, of a registered user
who identifies himself/herself as under 18 years of age. This
bill failed passage on the Senate floor.
FISCAL EFFECT : Appropriation: No Fiscal Com.: No Local:
No
SUPPORT : (Verified 4/30/13)
Alameda County District Attorney Nancy E. O'Malley
Alameda County Sheriff's Office
California State Sheriff's Association
Crime Victims United of California
Los Angeles County Sheriff Leroy D. Baca
Peace Officers Research Association of California
OPPOSITION : (Verified 4/30/13)
Application Developer's Alliance
California Chamber of Commerce
Electronic Frontier Foundation
Engine
TechAmerica
TechNet
The Trevor Project
CONTINUED
�
SB 501
Page
6
ARGUMENTS IN SUPPORT : According to the author's office,
computer systems and the Internet have brought consumers many
conveniences. But these innovative methods of information
sharing can pose a serious threat to our privacy and security.
There are countless privacy pitfalls when our personal
identifying information is indiscriminately posted.
Existing law does not require a social networking Internet Web
site to honor a user's request or, in the case of a minor user
under the age of 18, a parent or legal guardian's request to
remove certain personally identifiable information (address,
telephone number, driver's license number, state identification
card number, social security number, employee identification
number, mother's maiden name, demand deposit account number,
savings account number, or credit card number).
The author's office also notes that the included penalty only
applies to those social networking Internet Web sites that
"willfully and knowingly" violate the prohibition, thus, the
penalty would not apply to Internet Web sites in cases where the
user misrepresents his/her age in gaining access to the site.
ARGUMENTS IN OPPOSITION : The California Chamber of Commerce
asserts that "[n]o business should be put in the position of
figuring out who is the parent or guardian with the authority to
remove content from a minor's account," and that "this bill
places operators of social media sites in a perilous position"
and increases their exposure to civil litigation. It is
important to note that existing law already requires social
network Internet Web sites to act on requests submitted by users
to remove certain materials in other contexts without first
verifying their identity, or their lawful authority to submit
the request. For example, the Digital Millennium Copyright Act
of 1998 ("DMCA"), 17 U.S.C. Sec. 512, et. seq., requires
Internet Web site operators to remove allegedly copyright
infringing materials from their Internet Web sites upon request
without first verifying that the requesting party is the lawful
holder of the copyright in question.
AL:ej 5/1/13 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
CONTINUED
�
SB 501
Page
7
**** END ****
CONTINUED