Skip to content

State Children's Privacy Law Tracker / Minnesota

Minnesota Children's Privacy Laws (2026)

3 laws & bills tracked · overall: In force · current as of June 28, 2026

Minnesota has 3 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open Minnesota in the tracker map.

Stop Harms from Addictive Social Media Act amendments (HF 4138) · HF 4138 (2026 Minn. Laws ch. 111)

Enacted — not yet effective Signed into law; its effective date is still in the future. · Social media · effective 2027-07-01 · binds platforms, operators

Ages: Under 16 (treated as 'child'/15-or-younger when not confidently estimated at 16+)

Requires: Covered social media platforms (10,000+ MN account holders or $1B+ worldwide revenue) must run age estimation on account holders, treat anyone not confidently 16+ as a child (15 or younger), obtain verifiable parental consent to create/maintain a child's account, default child accounts to highest privacy settings, ban addictive features (infinite scroll, autoplay, push notifications) and targeted paid ads for child accounts, and provide parental monitoring/deletion tools. Enforced by AG under deceptive-trade-practices law plus a private right of action ($10,000 statutory damages per knowing/reckless violation).

Litigation: No suit filed against HF 4138 as of 2026-06-27; not enjoined. NetChoice opposed the bill and has threatened a First Amendment challenge but had not sued as of the cutoff. The active NetChoice v. Ellison case (D. Minn., filed Apr 29, 2026) targets the separate warning-label statute, Minn. Stat. 325M.335, not this law.

Primary source

Minnesota Age-Appropriate Design Code Act · HF 4511 (companion SF 4574)

Pending A bill was introduced this cycle but is not yet law. · Design code · binds operators

Ages: Children 0-17 (online products children are reasonably likely to access)

Requires: Would require businesses offering online products/services children are reasonably likely to access to prioritize children's privacy, safety, and well-being over commercial interests; complete a data protection impact assessment before launching such products; default to high-privacy settings for child users; provide age-appropriate privacy notices; and prohibits dark patterns that push children to share more data. Enforced by the Attorney General.

Primary source

Minnesota Consumer Data Privacy Act (MCDPA) — minors' provisions · HF 4757 (2024, Ch. 121)

In force Effective and enforceable today. · Privacy law (minors) · effective 2025-07-31 · binds operators

Ages: Known children under 13 (COPPA); teens 13-16

Requires: A controller may not process the personal data of a consumer for targeted advertising, or sell it, without consent where the controller knows the consumer is between 13 and 16 (Minn. Stat. 325M.16, subd. 2(f)). Processing the personal/sensitive data of a 'known child' (under 13) requires consent from a parent or lawful guardian in accordance with COPPA (subd. 2(d)); COPPA-compliant verifiable parental consent satisfies the obligation.

Primary source
Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How Minnesota compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.