Skip to content

A side project I couldn’t stop researching

State Child-Privacy & Age-Assurance Laws

115 laws & bills · 50 states + DC · reviewed monthly · current as of June 28, 2026

A product engineer's view of the state patchwork for shipping connected products to kids — family-safety apps, kids' wearables, and location-sharing tools that collect real data and get used by teens, where the rules go gray. It spans app-store acts, minor social-media laws, age assurance, Age-Appropriate Design Codes, and the kids' provisions of state privacy laws — filter by obligation (location, design, analytics, consent) or by age. It's litigation-aware: a law blocked in court shows as enjoined, not live — currently 13 states have a kids-products law in force. Adult-content age-gates are out of scope. Pick a state for the detail and the primary source.

Federal floor

COPPA applies in every state

15 U.S.C. §§ 6501–6506 · 16 C.F.R. Part 312

Before collecting personal information from a child under 13, a covered operator must post a clear privacy notice, obtain verifiable parental consent, collect only what is reasonably necessary, keep it secure, give parents access and deletion rights, and not retain it longer than needed.

2025 amended Rule: The FTC’s amended COPPA Rule (finalized January 2025) adds separate opt-in parental consent before disclosing a child’s data to third parties (including for targeted advertising), a written data-retention policy that bars indefinite retention, a mandatory written information-security program, and an expanded definition of “personal information” covering biometric identifiers and government IDs. Announced by the FTC Jan 16, 2025 and published in the Federal Register Apr 22, 2025; effective June 23, 2025, with full compliance required by April 22, 2026.

16 C.F.R. Part 3122025 final rule
  • In force13
  • Enacted — enjoined4
  • Enacted — not yet effective7
  • Pending14
  • No in-scope law12

Building a connected product for kids?

Family-safety apps, kids’ smartwatches, and location-sharing tools collect exactly the data these laws govern — and they’re used by teens, where the rules get gray. Four obligation buckets drive most of the engineering work. Use the map’s Obligation lens to see which states impose each one.

  • Location & geolocation

    Precise location is sensitive data: notice and consent before you collect or share it, and limits on sharing a minor’s location.

    Driven by: Age-Appropriate Design Codes and the omnibus privacy laws, which treat precise geolocation as sensitive data.

  • Age-appropriate design

    High-privacy defaults for minors, no dark patterns, and a duty to assess risks before you ship a feature.

    Driven by: Age-Appropriate Design Codes and the minor social-media laws (defaults, no addictive feeds, no dark patterns).

  • Analytics & third parties

    You can’t freely drop in usage-telemetry or marketing SDKs on a child’s data — separate consent for third-party sharing, and bans on targeted ads and data sale to minors.

    Driven by: COPPA’s 2025 amendments (separate consent for third-party sharing), the privacy-law teen opt-ins, and minor social-media targeted-ad bans.

  • Consent & minimization

    Verifiable parental consent for younger children, teen opt-in above that, and collect only what the feature actually needs.

    Driven by: COPPA, the App Store Accountability Acts, and the teen opt-in provisions layered on top.

Operating nationwide? Comply to the high-water mark

These age thresholds don’t contradict each other — they stack, and they’re per-obligation. A product available in all 50 states has to meet the strictest threshold for each kind of duty, not the average.

  • Under 13

    Any data collection

    Verifiable parental consent before you collect a child’s personal information — COPPA, federal, every state. The 2025 amended Rule adds opt-in for third-party sharing and limits on retention.

  • Under 16–17

    Selling data · targeted ads · profiling

    Opt-in consent before you monetize teen data. California draws the sale/share line at under-16; Connecticut and Oregon at under-16; Montana, Delaware and New Jersey reach 16–17; Colorado, Maryland and New York extend duties to under-18.

  • Under 18

    App distribution · accounts · design defaults

    Parental consent to download or buy apps under the App Store Accountability Acts (Texas, Utah, Louisiana…), plus high-privacy defaults and duty-of-care under the Age-Appropriate Design Codes.

The practical upshot: an app that gates only at 13 — “we’re COPPA-compliant” — is still exposed to Texas’s under-18 app-store consent regime(SB 2420), where the burden of proof falls on the developer. Treat under-18 as the protected class for distribution and design, give under-13 the full COPPA treatment for any collection, and assume under-16/17 opt-in before you monetize teen data.

Not legal advice. I build products for a living; I'm not a lawyer. This is a personal tool I use to stay on top of the child-privacy landscape and understand how it shapes the features, apps, and products I design in the kids space — not guidance for anyone else. It's AI-assisted research, and AI can make mistakes: I make every effort to verify, check, and confirm each entry against primary sources as of June 28, 2026, but laws — and especially injunctions — change fast, so always confirm the latest on each law against the linked source before relying on it. Related: COPPA's Gray Areas · all writing.