Privacy & Information Security Law Blog

On March 13, 2025, the U.S. District Court for the Northern District of California granted a second motion for preliminary injunction in favor of the technology trade group NetChoice. The injunction once again enjoins the California Attorney General from enforcing the California Age Appropriate Design Code Act (the “AADC” or “Code”), which was originally intended to take effect on July 1, 2024. The District Court determined that NetChoice is likely to succeed on claims raised in its amended complaint that the AADC is facially invalid under the First Amendment guarantee of free speech. As a result, the California AG is immediately enjoined from enforcing the Code during the pendency of the litigation.

The claims of free speech infringement stem primarily from the Code’s requirement for covered businesses to perform a data protection impact assessment (“DPIA”) to identify material risks to children under the age of 18, document and mitigate those risks before such children access an online service, product or feature and provide the DPIA to the California Attorney General upon written request. NetChoice asserts that on this basis the Code violates the expressive rights of NetChoice, its members and is void for vagueness under the First Amendment.

An injunction previously granted by the District Court in respect of the Act’s 2023 implementation was partially upheld by a Ninth Circuit panel in August of 2024, with respect to the DPIA requirement and provisions of the Code not grammatically severable from the DPIA requirement, including notice and cure provisions with respect to non-compliance. The Ninth Circuit vacated the rest of the district court’s first ruling and remanded the case to assess other provisions of the Code in more detail and consider whether the law’s unconstitutional provisions are severable from the remainder of the law.

The District Court determined that the AADC is not sufficiently narrowly tailored (under the strict scrutiny standard) to achieve its interest in protecting children online. On the basis that NetChoice has a colorable First Amendment claim, it would suffer irreparable harm if the Code were to take effect. The District Court also found that the enjoined DPIA provisions are not volitionally severable from the remainder of the AADC, though they are functionally severable.

The District Court determined, on the other hand, that NetChoice had not shown that it is likely to succeed on certain other claims, such as that the AADC was pre-empted by the federal Communications Decency Act or by the Children’s Online Privacy Protection Act.