Overview

California Governor Gavin Newsom recently signed AB 1394, a law that imposes new obligations on social media platforms to prevent and combat child sexual abuse and exploitation. The law is scheduled to take effect on January 1, 2025, and has two primary requirements for social media platforms (SMP): (1) implement a notice-and-staydown requirement for child sexual abuse material (CSAM); and (2) a prohibition against “knowingly facilitat[ing], aid[ing], or abet[ing] commercial sexual exploitation,” as defined by the statute. If a social media company violates the law, it may be liable to the reporting user for actual damages sustained and statutory damages of up to $250,000 per violation.

The law allows for a civil action to be brought by, or on behalf of, a person who is a minor and a victim of commercial sexual exploitation. The law includes a safe harbor provision for platforms that conduct safety audits. Social media platforms may face damages of up to $4 million per violation.

Scope

AB 1394 applies to SMPs, defined as a public or semipublic internet-based service or application that has users in California and that meets both of the following criteria:

  • A “substantial function” of the service or application is to connect users and allow them to interact socially. The law does not define substantial function, although the definition excludes services or applications that solely provide email or direct messaging services.
  • The service or application offers social interaction features. This is defined as online services or applications that allow users to (1) construct a public or semipublic profile to sign into and use the service or application, (2) populate a list of shared connections that they have with other users, and (3) create or post content that others can see (such as in chat rooms, on message boards, or on home or landing pages that show content created by other users).

CSAM Reporting

The law requires SMPs to do the following:

  • Create a reporting system for users to report content that meets the outlined criteria. The reported material must be CSAM, the reporting user must be an identifiable minor depicted in the reported material, and the reported material must be displayed, stored, or hosted on the social media platform.
  • Contact and update the reporting user. The SMP must collect “reasonably sufficient” contact information for the reporting user. The SMP must communicate with the reporting user (subject to the parameters specified in the law) and provide a final, written determination on the report to the user.
  • Block the reported material. The SMP must permanently block the reported content from being viewable on its platform where there is a reasonable basis to believe the reported material is CSAM; the content is displayed, stored, or hosted on the SMP; and the report contains information sufficient to locate the reported material. The SMP must also make “reasonable efforts” to remove and block other instances of the reported material from being viewed on its platform.
  • Comply with timing obligations. An SMP must review and make a final determination regarding the reported material within 30 days. If the SMP faces circumstances beyond its control, it may meet its obligations no later than 60 days after the report was made and it must notify the reporting user within 48 hours of knowing a delay is likely to occur.

A SMP that fails to comply with these requires may be liable for the following:

  • Actual damages sustained by the reporting user.
  • Statutory damages of up to $250,000 per violation. Where an SMP has complied with certain statutory conditions, including cooperation with a particular service offered by the National Center for Missing and Exploited Children (NCMEC), statutory damages may be capped at $125,000 or $75,000 per violation.
  • Court costs and reasonable attorney’s fees.
  • Any other relief ordered by the court.

Liability for Product Systems, Designs, and FeaturesCommercial Sexual Exploitation

AB 1394 prohibits SMPs from “knowingly” facilitating, aiding, and abetting commercial sexual exploitation. “Facilitate, aid, or abet” means to deploy a system, design, feature, or affordance that is a substantial factor in causing minor users to be victims of commercial sexual exploitation.

AB 1394 amends existing civil law to permit minors, or nonminor dependents, that are victims of commercial sexual exploitation committed by an individual over 18 years of age to bring a civil action against a SMP that “facilitated, aided, and abetted” an act of commercial sexual exploitation. An action may be brought by, on behalf of, or for the benefit of a victim.

A court must award statutory damages of at least $1 million and no more than $4 million per each act of commercial sexual exploitation the SMP facilitated, aided, or abetted. The law contains a safe harbor provision for SMPs that institute and maintain at least biannual audits of, among other things, its designs, features, and practice; take action within 30 days of an audit’s completion to mitigate or eliminate identified risks; and provide each member of the SMP’s board of directors with a copy of the audit with a description of any corrective action within 90 days of the audit’s completion.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ryan Mrazik Ryan Mrazik

Ryan represents online communications and storage providers on their core legal issues: user data privacy, content moderation, platform integrity, and privacy litigation. He works with the largest online technology companies as well as startups to help them protect themselves, their users, and their…

Ryan represents online communications and storage providers on their core legal issues: user data privacy, content moderation, platform integrity, and privacy litigation. He works with the largest online technology companies as well as startups to help them protect themselves, their users, and their data; promote free speech and expression; and stop child and victim exploitation.

Photo of Natasha Amlani Natasha Amlani

Natasha Amlani has experience with privacy counseling, litigation and data breach response.

Photo of Naa Kai Koppoe Naa Kai Koppoe

Naa Kai Koppoe is an associate in the firm’s Privacy & Security practice. She advises clients on a broad range of data privacy matters, including compliance strategies with state and international privacy laws and regulations such as the California Consumer Privacy Act (CCPA)…

Naa Kai Koppoe is an associate in the firm’s Privacy & Security practice. She advises clients on a broad range of data privacy matters, including compliance strategies with state and international privacy laws and regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).