Tim Bernard recently completed an MBA at Cornell Tech, focusing on tech policy and trust & safety issues. He previously led the content moderation team at Seeking Alpha, and worked in various capacities in the education sector.
Bipartisan federal bills aimed at protecting children online continue to be introduced and reintroduced in Congress, from KOSA, STOP CSAM, and EARN-IT to COPPA 2.0. But given that none of these bills appear likely to become law, it’s perhaps no surprise that the States have taken up the mantle to protect children online. California led the way with the California Age Appropriate Design Code Bill (AADC), signed into law last September and set to take effect in July of next year, pending legal challenge. Another notable example from last year is Louisiana’s law requiring adult websites to verify the age of users in an effort to restrict access by children.
In fact, the sheer scale of these State legislative efforts is eye-opening. Based upon an in-depth review of state legislatures, I identified 144 different bills, spanning 43 states, that were introduced in 2023 and specifically attempt to protect children from various harms on the Internet. These laws vary significantly, with some pronounced differences between Democratic and Republican legislators: in very broad strokes, Democrats have proposed laws similar to the AADC that require platforms to mitigate harms to minors, while Republicans appear to be focused on age verification measures or filtering laws, often to restrict access to pornography.
This year, Utah has already enacted three related laws: one on age verification for pornographic websites, and two that establish regulations on social media: a ban on designs or features that cause addiction among minors along with an attempt to open social media platforms up for civil liability for harms caused to children, and a requirement that platforms verify the age of users, obtain parental consent for minors, and restrict minors’ usage during nighttime hours. (Utah also passed a mobile device pornography filtering law back in 2021, with enforcement deferred until at least five other states pass similar laws.) But these are far from the only bills under consideration this year.
To highlight one important contrast in each legislative approach, the AADC bills typically stipulate that minor users must be clearly alerted if their parents or guardians are tracking their activity on a platform, whereas some of the age verification / parental consent bills insist on parents having access to their children’s online activity. One commonality among many bills is to limit the data collected about children by platforms.
Many of the bills use almost identical language, while some differ in details, and some approach the problems from very different angles altogether. For example, several bills add Internet safety to school curriculums, or tighten criminal law around the enticement of minors to include online communication—measures which tend not to have a particular partisan affinity.
Several are general data protection bills benefiting Internet users of all ages, not just children, that in passing that would add to the protections for children’s data, either up to age 13, following COPPA, or up to 18. California passed a comprehensive data privacy law back in 2018 and updated its provisions in 2020, and yet, again, the US Congress has thus far failed to enact a comprehensive federal law such as the ADPPA, leaving States to create a patchwork of their own frameworks.
It is perhaps surprising that so many near-identical bills are being considered, given the legal and practical uncertainty around the recently enacted legislation on which many are modeled: like California’s AADC, which is being challenged by big tech industry group NetChoice, and Utah’s age-verification law that is being challenged by the adult industry group the Free Speech Coalition.
While the pure volume of bills focused on child safety issues might seem to favor the arguments of those who characterize these legislative efforts as part of a moral panic, more circumspect approaches are also being pursued in some cases, such as the education efforts mentioned above; two bills that seek to isolate addictive design as a specific harm that platforms should seek to avoid (a narrowly tailored approach that is may be more likely to pass judicial scrutiny); and bills in five states (both red and blue) that restrict the collection of student data by technology vendors to schools or otherwise seek to protect student privacy.
The legislative process is ongoing in many states, and the bills are subject to amendment, so this data only offers a snapshot in time of the overall landscape. With varying search tools on state legislature websites, and the possibility of new bills being introduced, the table is also likely to be incomplete. If you find any significant omissions please email us. Tech Policy Press also welcomes contributors to submit articles that find different patterns or provide other relevant analysis of these state legislative efforts.
Tim Bernard is a tech policy analyst and writer, specializing in trust & safety and content moderation. He completed an MBA at Cornell Tech and previously led the content moderation team at Seeking Alpha, as well as working in various capacities in the education sector. His prior academic work includes an MA in Talmud and a BA in Philosophy.