Utah Gov. Spencer Cox signed House Bill 311 and Senate Bill 152 on Thursday, which regulate how social media platforms engage with minors. Under Utah law, minors are now prohibited from entering into any online contract without parental consent.
The regulations represent the first of their kind in the US. A growing number of states along with Congress are considering similar measures to protect children and youth from the harms of social media.
SB 152 requires social media companies to verify the age of users and obtain parental consent to create accounts for minors, while HB 311 prohibits social media companies from utilizing features that promote addiction to their platform among minors.
HB 311 creates the legal presumption that within a private right of action, any minor under the age of 16 is presumed to be harmed with the burden of proof falling upon social media companies.
We’re no longer willing to let social media companies continue to harm the mental health of our youth. Today we signed two key bills in our fight against social media companies into law:
➡️ SB152 requires social media companies to verify that users in https://t.co/GVAcSi9zHx… pic.twitter.com/M1Kbya1xQi
— Utah Gov. Spencer J. Cox (@GovCox) March 23, 2023
Prior to the passing of the bills, Cox had been vocal about the harms of social media on youth mental health, hosting a symposium on ‘Social Media and Youth Mental Health’ in January that outlined legislative efforts to mitigate the harm.
In a statement following the signing, the Family Online Safety Institute (FOSI) expressed concerns that the legislation could cause unintentional harm.
“Age assurance is a complicated issue, and while verifying age has the potential to increase online safety, the approach of requiring platforms to use hard identifiers for both parent and child is overly complex and not a fail-safe solution,” the statement read. “Recent research by our organization shows that there is no singular method of age assurance that is both effective and trusted by users enough to make it standard.
Mandating the collection and storage of sensitive, personally identifiable information on every user also raises serious privacy concerns. These new data collection requirements are the opposite of data minimization, which is widely agreed upon as an industry standard goal.”
FOSI said the more user data is collected, the higher the risk that information is mishandled, misused, or stolen.