Donald Gainsborough is a political savant and a powerhouse in the world of policy and legislation, currently steering the strategic direction of Government Curated. His deep insights into the legislative process have made him an essential voice in the ongoing debate over how to balance technological innovation with the safety of our most vulnerable citizens. As Governor Walz signs new social media guardrails for Minnesota children into law, Gainsborough provides the necessary context to understand what these changes look like on the ground. This conversation explores the technical intricacies of data tracking, the hidden mechanics of cookies, and the ethical responsibility of platforms to prioritize people over profits. By examining the shift from intrusive marketing to strictly functional data use, we gain a clearer picture of how policies like the CCPA are being adapted to protect the next generation in an increasingly complex digital landscape.
Minnesota recently enacted new social media guardrails to protect children online; what specific technical hurdles do platforms face when trying to comply with these privacy requirements while maintaining site functionality?
The most immediate technical hurdle involves distinguishing between the “Strictly Necessary” cookies that make a website work and the more invasive tracking technologies used for profit. When a platform tries to implement these guardrails, they have to ensure that basic features—like the cookie banner itself or the ability to remember a child’s language preference—don’t break during the compliance process. This requires a granular audit of every first-party and third-party cookie to ensure that none are used in a way that constitutes a “sale” of data under frameworks like the CCPA. For developers, the challenge is building a robust backend where a user can engage a toggle switch to opt out of tracking without losing site performance or triggering a constant, annoying browser alert. It is a sensory nightmare for the user if the site stops functioning as intended, but it is a legal and moral necessity for the company to provide these clear, accessible privacy choices.
How does the distinction between functional cookies and targeting cookies impact the way policy leaders view the ethics of digital “sales” involving minor data?
From a legislative perspective, functional cookies are seen as a neutral, essential tool that allows for a smooth user experience, such as keeping a user logged in or monitoring site performance to prevent crashes. The ethical friction begins with “Targeting Cookies” and “Social Media Cookies,” which are specifically designed to determine the most relevant advertisements to show a user based on their history. For children, this is particularly problematic because their online behavior is being packaged and treated as a “sale of personal information,” a practice we aim to curb with these new state-level guardrails. Policy leaders at Government Curated look for mechanisms that allow users to opt out of these associations while still enjoying the core, safe features of the platform. We want the digital world for children to feel safe and curated, not like a marketplace where a minor’s every move is being tracked across different GEMG properties and devices.
Given that some cookies are considered essential for site performance, how can legislation ensure that companies aren’t using this category as a loophole to continue tracking young users?
The law has to be incredibly precise about what “Strictly Necessary” actually means to prevent it from becoming a catch-all for unauthorized data harvesting. If a company claims a cookie is essential for site performance, we need to verify that it isn’t also being used to monitor traffic in a way that feeds back into a commercial advertising profile. In our policy work, we encourage users to look toward resources like allaboutcookies.org to understand how to set their browser to block or alert them about these persistent, hidden trackers. The goal is to move the burden of transparency onto the platform, ensuring that any cookie that cannot be opted out of is genuinely there for the proper functioning of the website. It takes a certain amount of digital literacy to navigate these settings in the Options or Preferences menu, which is why the law must mandate that these choices are front-and-center rather than buried in a wall of text.
What role do third-party domains play in the current privacy crisis, and how does the new legislation address the data being leaked to outside advertisers?
Third-party cookies are the primary vehicle for data leakage, as they originate from a domain different from the website the child is actually visiting at that moment. These trackers allow for marketing efforts that follow a minor across the web, building a comprehensive profile that can be sold or shared without explicit, informed consent from a parent. New legislation like Minnesota’s creates a friction point by requiring a toggle switch that specifically allows users to opt out of the “sale” of their personal information to these outside entities. This breaks the chain of advertising that relies on tracking users across different devices and browsers, which is a massive win for privacy even if it means some ads become less “relevant.” By forcing a clear separation between first-party functionality and third-party monetization, we are making the digital ecosystem a significantly less predatory space for families and children.
What is your forecast for the future of state-led digital privacy laws as more regions follow Minnesota’s lead in curbing social media’s influence on youth?
I expect a significant acceleration in state-led legislation over the next few years as more governors realize that federal action is moving far too slowly to keep pace with evolving technology. We are going to see a standardized “privacy-first” default for all accounts belonging to minors, where the sale of personal data is strictly prohibited by law from the very moment they sign up for a service. The visual and mechanical experience of the internet will shift, with more transparent cookie banners and easier-to-access toggle switches becoming the baseline industry standard rather than a rare feature. As these laws proliferate, the tech giants will likely be forced to adopt these higher standards nationwide to avoid the logistical nightmare of maintaining different privacy models for every single state. This is a fundamental turning point where the protection of a child’s digital identity will finally be prioritized over the relentless pursuit of advertising revenue.
