Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
South Carolina: Bill for age appropriate design code introduced to House
On January 16, 2024, House Bill 4842 a bill for the South Carolina Age Appropriate Design Code Act was introduced to the South Carolina House of Representatives and referred, on the same day, to the Committee on Judiciary.
The bill defines the 'Best interests of children' as the use, by a covered entity, of the personal data of a child or the design of an online service, product, or feature in a way that:
- will not benefit the covered entity to the detriment of the child; and
- will not result in:
- reasonably foreseeable and material, physical, or financial harm to the child;
- reasonably foreseeable and severe psychological or emotional harm to the child;
- a highly offensive intrusion on the reasonable privacy expectations of the child; or
- discrimination against the child based on race, color, religion, national origin, disability, sex, or sexual orientation.
A 'child' under the bill is considered a consumer who is under 18 years of age.
What is the scope of the bill?
Covered entities are subject to the bill if they:
- collect consumers' personal data or have consumers' personal data collected on their behalf by a third party;
- alone or jointly with others, determine the purposes and means of the processing of consumers' personal data;
- operate in South Carolina; and
- satisfy one or more of the following thresholds:
- annual gross revenues of more than $25 million, as adjusted every odd-numbered year to reflect the Consumer Price Index;
- alone or in combination, annually buy, receive for the covered entity's commercial purposes, sell, or share for commercial purposes, alone or in combination, the personal data of 50,000 or more consumers, households, or devices; or
- derive 50% or more of their annual revenues from selling consumers' personal data.
However, the bill also provides that protected health information subject to the U.S. Department of Health and Human Services (HHS) established pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) among others, is not subject to the bill.
What are the obligations regarding the processing of children's data?
The bill stipulates that covered entities must conduct a data protection impact assessment (DPIA) for any new online service, product, or feature that is reasonably likely to be accessed by children, and document the DPIA for as long as the product is likely to be accessed by children. More specifically, the bill details what the DPIA must identify, including, among other things, whether using the online service could lead to children being targeted by contacts that may harm the child, the risks of targeted advertising, and whether design features are aimed at increasing, sustaining, or extending the use of online services.
Covered entities must also configure all default privacy settings provided to children to settings offering a high level of privacy, alongside providing any privacy information concisely, prominently, and using clear language suited to the age of children likely to access the online service, product, or feature.
Finally, the bill also outlines prohibitions on profiling children by default, subject to exceptions, the use of precise geolocation information of children, and dark patterns to provide personal information beyond what is necessary.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
