Utah governor signs first-ever regulations on social media for minors into law


Boram Kim


Utah Gov. Spencer Cox signed House Bill 311 and Senate Bill 152 on Thursday, which regulate how social media platforms engage with minors. Under Utah law, minors are now prohibited from entering into any online contract without parental consent. 


Stay one step ahead. Join our email list for the latest news.



The regulations represent the first of their kind in the US. A growing number of states along with Congress are considering similar measures to protect children and youth from the harms of social media. 

SB 152 requires social media companies to verify the age of users and obtain parental consent to create accounts for minors, while HB 311 prohibits social media companies from utilizing features that promote addiction to their platform among minors. 

HB 311 creates the legal presumption that within a private right of action, any minor under the age of 16 is presumed to be harmed with the burden of proof falling upon social media companies. 



Prior to the passing of the bills, Cox had been vocal about the harms of social media on youth mental health, hosting a symposium on ‘Social Media and Youth Mental Health’ in January that outlined legislative efforts to mitigate the harm.

In a statement following the signing, the Family Online Safety Institute (FOSI) expressed concerns that the legislation could cause unintentional harm. 

“Age assurance is a complicated issue, and while verifying age has the potential to increase online safety, the approach of requiring platforms to use hard identifiers for both parent and child is overly complex and not a fail-safe solution,” the statement read. “Recent research by our organization shows that there is no singular method of age assurance that is both effective and trusted by users enough to make it standard.

Mandating the collection and storage of sensitive, personally identifiable information on every user also raises serious privacy concerns. These new data collection requirements are the opposite of data minimization, which is widely agreed upon as an industry standard goal.”

FOSI said the more user data is collected, the higher the risk that information is mishandled, misused, or stolen.