Skip to content

State Children's Privacy Law Tracker / New Hampshire

New Hampshire Children's Privacy Laws (2026)

2 laws & bills tracked · overall: In force · current as of June 28, 2026

New Hampshire has 2 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open New Hampshire in the tracker map.

New Hampshire HB 1460 — prohibition on the sale of a child's personal data (amending RSA 507-H) · HB 1460 (2026), Chapter 168

Enacted — not yet effective Signed into law; its effective date is still in the future. · Design code · effective 2027-01-01 · binds operators

Ages: Children under 13 (COPPA definition of 'child')

Requires: Amends the NH Data Privacy Act (RSA 507-H:6) to impose a blanket ban on selling a child's personal data — including location and other sensitive data — by controllers covered by the privacy law. The prohibition applies regardless of whether the entity has actual knowledge the data belongs to a child and regardless of parental consent, going beyond the existing COPPA-aligned consent baseline. 'Child' tracks COPPA (under 13). Signed by Gov. Ayotte 06/19/2026 as Chapter 168; effective 01/01/2027 (after today, so not yet in force). Note: a separate formal NH Age-Appropriate Design Code, HB 1650 (Litchfield), was killed 'Inexpedient to Legislate' on 03/11/2026, so HB 1460 is the enacted child-specific data-protection statute.

Primary source

New Hampshire Data Privacy Act (RSA 507-H, enacted via SB 255) — minors' provisions · SB 255 (2024); codified at RSA 507-H

In force Effective and enforceable today. · Privacy law (minors) · effective 2025-01-01 · binds operators

Ages: Known children under 13 (per COPPA); teens at least 13 but younger than 16

Requires: A controller must not process the sensitive data of a 'known child' except in accordance with COPPA, and 'child' is defined by reference to COPPA (under 13) (RSA 507-H:6, I(d); 507-H:1). For consumers the controller has actual knowledge (and willfully disregards) are at least 13 but younger than 16, the controller must obtain consent before processing their personal data for targeted advertising or selling it (RSA 507-H:6, I(g)). Controllers complying with COPPA's verifiable parental consent satisfy the chapter's parental-consent obligations (RSA 507-H:3).

Primary source
Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How New Hampshire compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.