Skip to content

State Children's Privacy Law Tracker / California

California Children's Privacy Laws (2026)

5 laws & bills tracked · overall: In force · current as of June 28, 2026

California has 5 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open California in the tracker map.

AB 1043 — Digital Age Assurance Act · AB 1043

Enacted — not yet effective Signed into law; its effective date is still in the future. · App store · effective 2027-01-01 · binds app stores, platforms, developers, operators

Ages: minors by age bracket (under 13, 13-15, 16-17)

Requires: Requires OS providers to collect a user's birth date/age at account setup and pass an age-bracket signal via a real-time API to apps available in covered app stores; app developers must request and use that signal as a primary age indicator. AG-enforced civil penalties ($2,500 negligent / $7,500 intentional per affected child).

Litigation: No litigation filed or injunction entered as of 2026-06-27.

Primary source

SB 976 — Protecting Our Kids from Social Media Addiction Act · SB 976

In force Effective and enforceable today. · Social media · effective 2025-01-01 · binds operators, platforms

Ages: under 18 (minors)

Requires: Bars covered platforms from providing algorithmic 'addictive feeds' to known minors without verifiable parental consent; mandates default private mode and other minor-protective default settings; restricts overnight/school-hours notifications to minors; from Jan 1, 2027 requires age-assurance techniques per AG regulations. Enforced solely by the AG.

Litigation: NetChoice, LLC v. Bonta, No. 25-146 (9th Cir.) — Sept 9, 2025 panel UPHELD addictive-feed consent + default-private-mode provisions, enjoined ONLY the like-count/engagement-metrics provision; en banc rehearing DENIED Nov 6, 2025. Underlying case D.C. No. 5:24-cv-07885-EJD (N.D. Cal., J. Davila). NOT to be confused with No. 25-2366 (the CAADCA/AB 2273 case, J. Beth Labson Freeman, decided Mar 12, 2026).

Primary source

AB 56 — Social media: warning labels · AB 56

Enacted — not yet effective Signed into law; its effective date is still in the future. · Social media · effective 2027-01-01 · binds operators, platforms

Ages: under 18 (minors)

Requires: Requires covered social media platforms to display a black-box mental-health warning to minor users on first daily access (>=25% of screen, >=10 seconds), again after 3 cumulative hours of use (non-dismissible, >=75% of screen, 30 seconds), and at least hourly thereafter, using prescribed Surgeon-General warning text.

Litigation: No suit filed as of 2026-06-27; industry anticipates a likely compelled-speech First Amendment challenge before the Jan 1, 2027 effective date, but none is on file.

Primary source

California Age-Appropriate Design Code Act (CAADCA) · AB 2273 (2021-2022), Chapter 320

Enacted — enjoined Passed, but a court has currently blocked enforcement. · Design code · effective 2024-07-01 · binds operators

Ages: Children under 18 (minors)

Requires: Businesses offering online products/services likely to be accessed by children under 18 must configure default privacy settings to a high level of privacy for child users, estimate the age of child users or apply child protections to all users, provide age-appropriate privacy notices, and limit collection/use of children's personal data and precise geolocation. Core duties — data protection impact assessments, the 'materially detrimental to well-being'/best-interests data-use limits, profiling-by-default restrictions, and dark-patterns prohibitions — are currently blocked by court injunction and not enforceable.

Litigation: NetChoice, LLC v. Bonta (9th Cir.). On March 12, 2026 the Ninth Circuit vacated the district court's blanket preliminary injunction but held that the DPIA/risk-assessment requirement, the data-use 'materially detrimental'/best-interests limits, profiling-by-default restrictions, and dark-patterns provisions remain enjoined as unconstitutionally vague; the age-estimation, high-default-privacy-settings, child-appropriate privacy-policy, geolocation, and related provisions are no longer enjoined. Remanded to N.D. Cal. for further proceedings on age estimation and severability; the act is partially enjoined, not wholly blocked.

Primary source

California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) — minors' provisions · Cal. Civ. Code 1798.120 (CCPA, as amended by Prop 24 / CPRA)

In force Effective and enforceable today. · Privacy law (minors) · effective 2020-01-01 · binds operators

Ages: Consumers known to be under 16; teens 13-15 may self-consent, children under 13 require parent/guardian consent

Requires: A business that has actual knowledge a consumer is under 16 may not sell or share that consumer's personal information unless it obtains affirmative opt-in consent: a consumer aged 13-15 may authorize the sale/sharing themselves, while for a consumer under 13 the parent or legal guardian must authorize it. Willfully disregarding a consumer's age is treated as actual knowledge, and minors are opted out by default (opt-in) rather than required to opt out.

Primary source
Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How California compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.