Skip to content

State Children's Privacy Law Tracker / Montana

Montana Children's Privacy Laws (2026)

2 laws & bills tracked · overall: In force · current as of June 28, 2026

Montana has 2 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open Montana in the tracker map.

SB 297 (2025) — amendments to the Montana Consumer Data Privacy Act (Ch. 567, Laws of 2025) · SB 297 (Ch. 567, Laws of 2025)

In force Effective and enforceable today. · Age assurance · effective 2025-10-01 · binds operators, developers

Ages: Under 18 (minor); under 13 requires COPPA verifiable parental consent; 13-17 requires the minor's consent

Requires: Amends the MTCDPA to impose child-directed (age-appropriate-design) duties on controllers offering an online service, product, or feature to consumers the controller actually knows or willfully disregards is a minor (under 18). Imposes a duty of reasonable care to avoid a heightened risk of harm to minors; requires consent before processing a minor's data for targeted advertising, sale, certain profiling, extended retention, or precise geolocation — the minor's own consent for ages 13-17 and COPPA verifiable parental consent for children under 13; restricts design features that significantly increase, sustain, or extend a minor's use; and requires data protection assessments for processing presenting a heightened risk to minors. Expressly does NOT require age verification or age-gating, but provides a safe harbor for commercially reasonable age estimation.

Litigation: None found. No lawsuit or injunction against SB 297's minors provisions as of 2026-06-27. (Distinct from the unrelated Montana pornography age-verification law challenged in Free Speech Coalition v. Knudsen, which is out of scope here.)

Primary source

Montana Consumer Data Privacy Act (MCDPA) — minors' provisions (as amended by SB 297) · SB 297 (2025); MCDPA codified at MCA 30-14-2801 et seq.

In force Effective and enforceable today. · Privacy law (minors) · effective 2025-10-01 · binds operators

Ages: Children under 13 (verifiable parental consent); minors under 18 (13-17 give their own consent)

Requires: A controller that knows or willfully disregards that a consumer is a minor (under 18) may not process the minor's personal data for targeted advertising, sale, or profiling in furtherance of legal/significant effects without the minor's consent; for a child under 13, verifiable parental consent is required (consistent with COPPA). Controllers must also exercise reasonable care to avoid a heightened risk of harm to minors, may not use dark patterns or system design to significantly increase/sustain/extend minor engagement, and must limit precise-geolocation collection and data retention. These minor-specific duties apply with no numerical applicability thresholds.

Primary source

Also on the books (out of scope): SB 544 (2023), as amended by Ch. 199, Laws of 2025 — Age Verification for Materi — out-of-scope mandates (like adult-content age-gates) are tracked separately and don't set this state's status.

Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How Montana compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.