Linking to the doc posted on the official.gov site: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
this post was submitted on 06 Mar 2026
16 points (100.0% liked)
No Stupid Questions
47127 readers
859 users here now
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
founded 2 years ago
MODERATORS
These are all good questions about stupid legislation.
Not a lawyer, answers based on https://legiscan.com/CA/text/AB1043/2025
- Under section 1798.501. (b) 4A, wouldn't this make collection of almost any system information illegal?
No. Because the terms are defined in 1798.500. They can ask your system directly whatever they want; they just can't ask Microsofg, Apple, or Google for correlating specifics.
- Since 1798.501. (b) 2A seems to require that developers that receive this age flag treat assume it is true, this would at least apply to CCPA, and California Civil Code, right?
Yes, but only insomuch as laws that protect minors impose additional constraints on those who have "actual knowledge" that a user is actually a child.
It doesn't mean they need to trust the OS flag if they have suoerior knowledge as to someone's actual age. If I ask a child to contact Imgur to delete my account they'd block out my porn stash but otherwise treat the request as any other "delete an adult's account" request.
- Would 1798.501. (b) 2A also apply to COPPA? I know this is state versus federal law, but...
Statr law can expand upon federal law but not contradict. And it smells like AB1043 is more "add a more explicit signal of user age" than anything affecting data retention relating to children.
What part do you think is contradictory?
Yes, but only insomuch as laws that protect minors impose additional constraints on those who have "actual knowledge" that a user is actually a child.
So, if I understand right, basically they assume its correct unless given significant evidence otherwise? So like, if this flag is enabled and I visit a website and don't directly provide personal information, then they have to assume I am a child under CCPA and thus can't share my data. Right?
Statr law can expand upon federal law but not contradict. And it smells like AB1043 is more "add a more explicit signal of user age" than anything affecting data retention relating to children.
What part do you think is contradictory?
I was wondering more if they could just argue that it isn't an reliable metric and thus was ignored for COPPA if it ever came up in Federal court - esspecially if adults end up using the flag for CCPA or Civil Code protections. As opposed to in California law, where it is assumed to be true unless shown otherwise.
So, if I understand right, basically they assume its correct unless given significant evidence otherwise?
That's how it reads to me this morning. Assuming by "given" you meant "they have at all".
So like, if this flag is enabled and I visit a website and don’t directly provide personal information, then they have to assume I am a child under CCPA and thus can’t share my data. Right?
Based on the CA AG's page at https://www.oag.ca.gov/privacy/ccpa , I don't see how "the browser reports the user as a child" gives a substantial additional burden on website developers. Presumably, the most they'd have to do to comply is use the flag to change "do you agree for yourself" to "PARENT OR GUARDIAN: Do you agree for the user of this account..."
I'm missing the part where an adult setting their age category incorrectly for themselves would do more than get a stronger porn block and a bunch of "go get your parent" pop-ups instead of "click here if you're over 18."
Presumably, if Microsoft and Google and Apple don't get the Digital Age Assurance Act blocked in court, we could see a broad adoption of it as a way to skip paying for third-party age validation for sites like Reddit, BlueSky, and Lemmy, and all of the porn sites on the internet would just ask for the flag in lieu of their current "do we have a cookie where this user clicked that they're at least 18" code.
Thank you for the help understanding this.
It could certainly be written better to more clearly state this, but I believe the intent is to only limit the data requested and stored for the purpose of age verification. This should not impact data collected or retained for other purposes.