Arkansas may have a new privacy law. Governor Sanders recently signed the Social Media Safety Act, a law that outlines age verification procedures for account holders for social media platforms. But some of the language is a little ambiguous and the effects on individuals’ privacy are as yet unknown.
The new law, Arkansas Act 689, requires certain social media platforms to verify the age of an Arkansas account holder through a third-party vendor. The vendor views a digitized driver’s license or other government identification. If the age verification vendor determines the account holder is a minor, then the social media platform is required to get parental consent for the account. If you’re concerned about providing your identification information to a vendor, you’re not alone. To assuage these valid privacy concerns of account holders, the law states that the social media companies and the third party vendors “shall not retain any identifying information of the individual” after access has been granted. But what exactly is “identifying information”? Is it just the digitized government identification or is it identifying information in the practical sense?
Unfortunately, the new law is silent on what is meant by identifying information, but the term is defined in other areas of Arkansas and privacy law. Identifying information typically includes the name and email address of the individual, both of which are standard pieces of information a social media platform uses to establish an account and often are used for the login process. But, under the Arkansas law, not only can the social media platform not retain this information, there is a monetary penalty of $2,500 assessed each time the social media company violates the law.
The new law takes effect in September. How it will be implemented remains to be seen.