> requiring calls to an API to verify the user's age

By simply asking for their age. There's nothing about requiring that the age is actually attempted to be verified as accurate at all. And the "age bracket" is specifically defined as nonpersonally identifiable information.

And it still gives no consequences for wrong/fake information.

Interestingly, they also define a "developer" simply as "a person that owns, maintains, or controls an application".

Wouldn't that inherently include all users of a computer in general?

▲ nl 15 hours ago | parent [-]

> There's nothing about requiring that the age is actually attempted to be verified as accurate at all.

To quote: requires a business that provides an online service, product, or feature likely to be accessed by children to do certain things, including estimate the age of child users with a reasonable level of certainty appropriate to the risks

"Reasonable level of certainty" requires some kind of attempt at verification. In Australia for example they allow facial estimation software (which I agree is not good, but it provides some kind of estimate the government is happy with)

> And it still gives no consequences for wrong/fake information.

Where are you seeing that?

To quote the bill:

> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.

And:

  line 17 A person that violates this title shall be subject
  line 18 to an injunction and liable for a civil penalty of not more than two
  line 19 thousand five hundred dollars ($2,500) per affected child for each
  line 20 negligent violation or not more than seven thousand five hundred
  line 21 dollars ($7,500) per affected child for each intentional violation,
  line 22 which shall be assessed and recovered only in a civil action brought
  line 23 in the name of the people of the State of California by the Attorney
  line 24 General.

▲

tzs 14 hours ago | parent | next [-]

From the bill section 1798.501(b):

> (2)(A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

> (B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

> (3)(A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

▲

nl 13 hours ago | parent [-]

I think you are agreeing with my interpretation, right?

	▲	tzs 11 hours ago \| parent [-]
		Nope. The bill says that a developer that receives the age signal is deemed to have actual knowledge of the user's age range. As long as they don't willfully disregard clear and convincing contradictory information from somewhere else the signal is good enough.

▲

ranger_danger 2 hours ago | parent | prev [-]

They don't actually define what "likely to be accessed by children" or "a reasonable level of certainty" really is.

I could say "some kind of attempt" is merely asking the user if they are over 18. I see no language that says that's not good enough, especially appropriate to the "risks" of 98% of websites.

> Where are you seeing that?

The noncompliance is on the part of the site owner, not the user. It just means you must ask their age (bracket), it doesn't mean the user has to tell the truth.