Skip to content

State Children's Privacy Law Tracker / Illinois

Illinois Children's Privacy Laws (2026)

3 laws & bills tracked · overall: Pending · current as of June 28, 2026

Illinois has 3 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open Illinois in the tracker map.

Children's Online Social Media Safety Act (HB 5511) · HB 5511

Pending A bill was introduced this cycle but is not yet law. · Social media · effective 2028-01-01 · binds operators, platforms

Ages: under 13; 13-15; 16-17; 18+

Requires: OS providers (Apple/Google) must offer an age-indication interface at device/account setup and supply age-category signals (under 13, 13-15, 16-17, 18+) to apps that request them by no later than 1/1/2028; social-media platform operators must conduct age verification and apply default minor protections (limit algorithmic feeds, restrict profile visibility, location sharing, nighttime notifications). Enforced by the Illinois Attorney General; civil penalties up to $2,500/child (negligent) and $7,500/child (intentional).

Litigation: No injunction (bill unsigned, cannot be enjoined). NetChoice submitted a veto-request letter to Gov. Pritzker and signaled likely First Amendment litigation if the bill becomes law.

Primary source

Parental Consent for Social Media Act (SB 2316) · SB 2316

Pending A bill was introduced this cycle but is not yet law. · Social media · binds operators, platforms

Ages: under 18

Requires: Would bar social-media platforms from allowing Illinois minors (<18) to hold accounts without express parental/guardian consent; require third-party 'reasonable age verification' before access; prohibit minor access 10pm-6am; bar retention of identifying info after access is granted. Civil penalties up to $2,500/violation.

Litigation: None — not enacted.

Primary source

Illinois Age-Appropriate Design Code Act · SB51

Pending A bill was introduced this cycle but is not yet law. · Design code · binds operators

Ages: Children under 18

Requires: Businesses offering an online service, product, or feature likely to be accessed by children would have to complete and maintain a data protection impact assessment, configure default privacy settings to a high level of privacy for children, and turn off precise geolocation collection by default. It bans profiling children by default and using dark patterns to lead children to provide unnecessary personal data, unless a compelling, child-best-interest justification exists.

Primary source
Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How Illinois compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.