Bill > SB0051

This bill creates the Illinois Age-Appropriate Design Code Act, which establishes comprehensive privacy and safety protections for children using online services, products, or features. The legislation requires businesses to complete a data protection impact assessment for any online service likely to be accessed by children, evaluating potential risks such as exposure to harmful content, targeted advertising, and algorithmic impacts on children. Businesses must estimate users' ages, configure default privacy settings to high levels of protection, provide clear and age-appropriate privacy information, and avoid using children's personal information in ways that could be materially detrimental to their physical or mental health. The bill prohibits practices like profiling children by default, collecting unnecessary personal information, and using "dark patterns" to manipulate children. A Children's Data Protection Working Group will be established to develop best practices for implementation, and businesses found in violation can face civil penalties of up to $2,500 per affected child for negligent violations and $7,500 per affected child for intentional violations. The law applies to online services, products, or features reasonably expected to be accessed by children under 18, with enforcement conducted by the Attorney General and a mandatory data protection impact assessment deadline of July 1, 2026, for existing online services.

Government Affairs

https://www.ilga.gov/legislation/BillStatus.asp?DocNum=51&GAID=18&DocTypeID=SB&SessionID=114&GA=104