[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3149 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 3149
To safeguard children by providing parents with clear and accurate
information about the apps downloaded and used by their children and to
ensure proper parental consent is achieved, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 1, 2025
Mr. James (for himself and Mr. Bilirakis) introduced the following
bill; which was referred to the Committee on Energy and Commerce
_______________________________________________________________________
A BILL
To safeguard children by providing parents with clear and accurate
information about the apps downloaded and used by their children and to
ensure proper parental consent is achieved, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``App Store
Accountability Act''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Definitions.
Sec. 3. App store obligations.
Sec. 4. App developer obligations.
Sec. 5. Compliance.
Sec. 6. Enforcement by the Federal Trade Commission.
Sec. 7. Enforcement by States.
Sec. 8. Safe harbor.
Sec. 9. Preemption.
Sec. 10. Severability.
Sec. 11. Effective date.
SEC. 2. DEFINITIONS.
In this Act:
(1) Age category.--The term ``age category'' means the
category of an individual based on their age, including the
following categories:
(A) Adult.--An ``adult'' is such an individual who
has attained 18 years of age.
(B) Teenager.--A ``teenager'' is such an individual
who has attained 16 years of age but has not attained
18 years of age.
(C) Child.--A ``child'' is such an individual who
has attained 13 years of age but has not attained 16
years of age.
(D) Young child.--A ``young child'' is such an
individual who has not attained 13 years of age.
(2) Age category data.--The term ``age category data''
means information that identifies the age category of a user
and is collected by a covered app store provider and shared
with an app developer.
(3) Age rating.--The term ``age rating'' means a publicly
displayed assessment of an app's appropriateness for different
age categories.
(4) App.--The term ``app'' means a software application or
electronic service that may be run or directed by a user on a
computer, mobile device, or any other general purpose computing
device.
(5) App developer.--The term ``app developer'' means any
person that owns or controls an app on the app store of a
covered app store provider and is available in the United
States.
(6) App store.--The term ``app store'' means a publicly
available website, software application, or other electronic
service that distributes and facilitates the download onto a
mobile device of an app from a third-party developer by a user
of a computer, mobile device, or any other general purpose
computing device.
(7) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(8) Covered app store provider.--The term ``covered app
store provider'' means any person that owns or controls an app
store available in the United States and for which users in the
United States exceed 5,000,000.
(9) Know.--The term ``know'' means to have actual knowledge
or willful disregard.
(10) Minor.--The term ``minor'' means an individual who has
not attained 18 years of age.
(11) Mobile device.--The term ``mobile device'' means a
phone or general purpose tablet that provides cellular or
wireless connectivity, is capable of connecting to the
Internet, runs a mobile operating system, and is capable of
running apps through the mobile operating system.
(12) Mobile operating system.--The term ``mobile operating
system'' means a set of software that manages mobile device
hardware resources, provides common services for mobile device
programs, controls memory allocation, and provides interfaces
for applications to access device functionality.
(13) Parent.--The term ``parent'', with respect to a minor,
means an adult with the legal right to make decisions on behalf
of the minor, including--
(A) a natural parent;
(B) an adoptive parent;
(C) a legal guardian; or
(D) an individual with legal custody over the
minor.
(14) Parental account.--The term ``parental account'' means
an account with a covered app store provider that is--
(A) verified to be established by an individual who
the app store provider has determined is at least 18
years of age through the covered app store provider's
age verification method or process; and
(B) affiliated with one or more account of a user
or prospective user who is a minor.
(15) Parental consent disclosure.--The term ``parental
consent disclosure'' means the following information that is
provided to a parent before obtaining parental consent--
(A) a description of--
(i) the personal data collected by the app
from a user; and
(ii) the personal data shared by the app
with a third party;
(B) a description of the measures taken by the app
developer to protect the confidentiality of the user's
personal data;
(C) if there is an age rating for the app or an in-
app purchase, the app's or in-app purchase's age
rating; and
(D) if there is a content description for the app
or in-app purchase, the app's or in-app purchase's
content description.
(16) Personal data.--The term ``personal data'' has the
same meaning as the term ``personal information'' as defined in
section 1302 of the Children's Online Privacy Protection Act
(15 U.S.C. 6501).
(17) Signal.--The term ``signal'' means age bracketed data
sent by a real-time secure application programming interface or
operating system that is likely to be accessed by minors.
(18) Significant change.--The term ``significant change''
means a material modification of an app's terms of service or
privacy policy that--
(A) changes the category of data collected or
stored;
(B) changes the category of data shared with an
unaffiliated third party that is not a service provider
or processor;
(C) alters the app's age rating or content
description;
(D) adds new monetization features, including in-
app purchases or advertisements; or
(E) changes the app's user experience or
functionality in a manner that a reasonable individual
would view as material.
(19) Verifiable parental consent.--The term ``verifiable
parental consent'' means authorization that is provided--
(A) by a parental account;
(B) in response to a clear and conspicuous parental
content disclosure; and
(C) signifies a parent's freely given, specific,
informed, and unambiguous agreement.
SEC. 3. APP STORE OBLIGATIONS.
(a) In General.--Each covered app store provider shall--
(1) at the time an individual creates an account with the
covered app store provider--
(A) request age information from the individual;
and
(B) verify the individual's age category using a
commercially available method or process that is
reasonably designed to ensure accuracy;
(2) if the age verification method or process determines
the individual is a minor--
(A) require the account to be affiliated with a
parental account; and
(B) obtain verifiable parental consent from the
holder of the affiliated parental account before
allowing the minor to download or purchase an app or
make an in-app purchase;
(3) after receiving notice of a significant change from an
app developer--
(A) notify the user of a significant change; and
(B) for a minor account, notify the holder of the
affiliated parental account and obtain a new verifiable
parental consent;
(4) provide to an app developer the user's age category and
the status of verified parental consent if the user is a minor;
(5) notify an app developer when a parent revokes
verifiable parental consent;
(6) protect the confidentiality of personal data related to
age verification by--
(A) limiting its collection, processing, and
storage to what is strictly necessary to verify a
user's age, obtain verifiable parental consent, or
maintain compliance records; and
(B) safeguarding personal data related to age
verification by adopting reasonable administrative,
technical, and physical safeguards to secure the
collection, processing, storage, and transmission of
this data, including through industry-standard
encryption;
(7) if a covered app store provider displays an age rating
or description of an app's content, the age rating and
description must be clearly and prominently displayed and be in
plain and concise language; and
(8) provide to an app developer the ability to determine,
in real time, the age category of any user and, with respect to
any user that is a minor, whether the covered app store
provider has obtained verifiable parental consent.
(b) Rules of Construction.--Nothing in this section shall be
construed--
(1) to prevent a covered app store provider from taking
reasonable measures to block, detect, or prevent the
distribution of unlawful or obscene material to minors, to
block or filter spam, to prevent criminal activity, or to
protect the security of an app store or app;
(2) to require a covered app store provider to disclose to
an app developer information other than such user's age
category and, with respect to any user that is a minor, whether
the covered app store provider has obtained verifiable parental
consent in accordance with this section;
(3) to allow a covered app store provider to use any
measures required by this section in a way that is arbitrary,
capricious, anti-competitive, or unlawful; or
(4) to affect or restrict the expression of political,
religious, or other viewpoints.
SEC. 4. APP DEVELOPER OBLIGATIONS.
(a) In General.--An app developer shall--
(1) verify through a covered app store's method or process
the age category of the app developer's users or potential
users and, for a minor account, whether verifiable parental
consent has been obtained;
(2) notify a covered app store provider of a significant
change to the app; and
(3) request age category data or verifiable parental
consent--
(A) at the time a potential app user downloads or
purchases an app;
(B) when the app developer implements a significant
change to the app; or
(C) to comply with an applicable law or regulation.
(b) App Developer Requests.--An app developer may request age
category data or verifiable parental consent--
(1) no more than once during each 12-month period to verify
the accuracy of user age verification data or continued account
use within the verified age category;
(2) when there is reasonable suspicion of account transfer
or misuse outside the verified age category; or
(3) at the time a user creates a new account with the app
developer.
(c) Permissible Uses.--An app developer may use age category data
to--
(1) enforce any app developer-created age-related
restrictions;
(2) ensure compliance with applicable laws and regulations;
and
(3) implement any app developer-created features or
defaults.
(d) Restrictions.--An app developer may not--
(1) enforce a contract or terms of service against a minor
unless the app developer has verified through the covered app
store provider that verifiable parental consent has been
obtained;
(2) knowingly misrepresent any material information in the
parental consent disclosure; or
(3) share age category data with an unaffiliated third
party that is not a service provider or processor.
(e) App Age Rating.--If an app developer provides an age rating or
description of an app's content to a covered app store or user, the age
rating or description must be in plain and concise language.
(f) Covered App Store Provider Signal.--
(1) In general.--Each app developer shall use a covered app
store provider's signal to determine the age category of a
user.
(2) Rule of construction.--Receipt of a covered app store
provider's signal serves as actual knowledge of a user's age
category.
SEC. 5. COMPLIANCE.
(a) Guidance.--
(1) In general.--Not later than 1 year after the date of
enactment of this Act, the Commission shall issue guidance to
assist covered app store providers and app developers in
complying with the requirements of this Act.
(2) Limitations.--
(A) No conferring of rights or binding effect.--Any
guidance issued by the Commission with respect to this
Act shall not confer any rights on any person, State,
or locality, nor shall such guidance operate to bind
the Commission or any person to the approach
recommended in such guidance.
(B) Basis of enforcement actions.--In any
enforcement action brought pursuant to this Act, the
Commission shall allege a specific violation of a
provision of this Act. The Commission may not base an
enforcement action on, or execute a consent order based
on, practices that are alleged to be inconsistent with
any such guidelines, unless the practices allegedly
violate sections 3 or 4.
(b) Mechanism To Certify Compliance.--
(1) In general.--The Commission shall--
(A) establish a mechanism, in such form and manner
as the Commission determines is appropriate, for any
covered app store provider to submit a request for the
Commission to review their policies relevant to the
requirements under section 3; and
(B) not later than 30 days after receiving such a
request--
(i) review such policies to determine
whether the covered app store provider that
submitted such request is compliant with such
requirements; and
(ii) if the Commission determines that such
provider is compliant with such requirements
and does not permit or is able to quickly
remedy any method of circumventing such
requirements, submit to Congress and make
publicly available on the website of the
Commission a notice certifying that such
provider is compliant with such requirements.
(2) Notification of significant changes.--If a covered app
store provider that the Commission certifies is compliant with
the requirements of section 3 makes a significant change to any
policy of such provider that is relevant to such requirements,
such provider shall notify the Commission of such change to
ensure that the change does not impact the certification of
compliance under paragraph (1).
(3) Period of eligibility.--A certification of compliance
under paragraph (1) shall be valid for 1 year after the date of
the issuance of such certification.
(c) Complaints.--
(1) In general.--The Commission shall establish a mechanism
to receive complaints regarding the compliance of any covered
app store provider with the requirements described in section
3.
(2) Review.--The Commission shall regularly review any
complaints received through the mechanism described in
paragraph (1) and, if necessary, evaluate the covered app store
provider's certification of compliance under subsection (b)(1).
SEC. 6. ENFORCEMENT BY THE FEDERAL TRADE COMMISSION.
(a) Unfair or Deceptive Acts or Practices.--A violation of this Act
or a regulation promulgated thereunder shall be treated as a violation
of a rule defining an unfair or deceptive act or practice under section
18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C.
57a(a)(1)(B)).
(b) Powers of the Commission.--
(1) In general.--The Commission shall enforce this Act in
the same manner, by the same means, and with the same
jurisdiction, powers, and duties as though all applicable terms
and provisions of the Federal Trade Commission Act (15 U.S.C.
41 et seq.) were incorporated into and made a part of this Act.
(2) Privileges and immunities.--Any person who violates
this Act or a regulation promulgated thereunder shall be
subject to the penalties and entitled to the privileges and
immunities provided in the Federal Trade Commission Act (15
U.S.C. 41 et seq.).
(3) Authority preserved.--Nothing in this Act shall be