S-1586-119
Read twice and referred to the Committee on Commerce, Science, and Transportation.
Sponsored by Mike Lee (R-UT)
What it does
This bill would require large app stores (those with more than 5 million U.S. users) to verify the age of all new account holders and, if a user is a minor, link their account to a verified parental account and obtain parental consent before allowing app downloads, purchases, or in-app purchases. App developers would be required to notify app stores of significant changes to their apps — such as new data collection, monetization features, or altered age ratings — triggering a new round of parental consent. The Federal Trade Commission (FTC) would enforce the law, and state attorneys general could bring civil suits on behalf of residents. A federal preemption clause would replace existing state laws on the same subject.
Who benefits
Parents who want visibility and control over what apps their minor children download and use. Children and teenagers who may be shielded from apps with inappropriate content, aggressive data collection, or predatory monetization. Child safety advocacy organizations. Smaller app developers who already comply with child-safety standards and would benefit from a uniform national rule replacing a patchwork of state laws. States with weaker existing child app protections, whose residents would gain a federal floor of protection. Attorneys general who gain a new enforcement tool.
Who is hurt
Large app store operators (primarily Apple and Google) who would bear significant compliance costs to build and maintain age verification and parental consent infrastructure. App developers who would face new notification obligations and potential liability for significant app changes. Teenagers aged 13–17 who may find the consent process burdensome or who have limited access to a cooperative parent or legal guardian. Privacy advocates concerned that age verification systems require collecting sensitive identity data on all users, including adults. States that have already enacted stronger child app protection laws, which would be preempted. Smaller app developers with limited resources to navigate new compliance requirements. Adults who may face friction in the account creation process due to age verification requirements applied to all users.
Supporters argue
Supporters argue that children are routinely exposed to apps that collect their personal data, serve them targeted advertising, and include in-app purchases without meaningful parental knowledge or consent — and that existing law (COPPA) only covers children under 13, leaving teenagers in a regulatory gap. They contend that a uniform federal standard eliminates the compliance confusion of a growing patchwork of state laws, and that requiring parental consent at the app store level — rather than app-by-app — is a more efficient and enforceable mechanism. They point to documented harms from social media and gaming apps targeting minors as evidence that the current voluntary system is insufficient.
Opponents argue
Opponents argue that mandatory age verification for all users requires app stores to collect sensitive identity documents or biometric data on hundreds of millions of people, creating vast new data troves that are themselves a privacy and security risk — potentially doing more harm than the problem they solve. They contend that the bill's broad preemption clause would nullify stronger state-level protections already enacted in states like California and Utah, lowering the effective standard for those residents. They further argue that the parental consent requirement could be used to restrict teenagers' access to legitimate health, educational, or LGBTQ+ support resources, and that the compliance burden falls disproportionately on smaller developers who lack the infrastructure of large platforms.
Constitutional context
Congress's authority to regulate app stores and developers rests on the Commerce Clause (Art. I, §8, cl. 3), as these are commercial actors engaged in interstate and international digital commerce — well within the aggregation principle established in Wickard v. Filburn (1942). The bill delegates rulemaking and enforcement guidance to the FTC; under Loper Bright v. Raimondo (2024), courts will independently review whether the FTC's implementing guidance stays within the bill's statutory boundaries rather than deferring to the agency's interpretation. The bill's broad preemption of state law and its data minimization requirements for age verification data also implicate the Due Process Clause (5th Amendment) to the extent they affect how personal data is collected and retained.
Checks and balances
Congress sets the substantive obligations; the FTC gains new enforcement and certification authority over app stores and developers, checked by a statutory requirement that enforcement actions cite specific statutory violations rather than guidance documents alone; state attorneys general gain concurrent civil enforcement authority, subject to FTC coordination and intervention rights.
Historical precedent
The Children's Online Privacy Protection Act (COPPA, 1998) established the existing federal framework for parental consent over data collection from children under 13, and has been the primary federal child online privacy law for over two decades; this bill would extend a similar consent model to minors up to age 18 and shift the consent mechanism to the app store layer.