here<\/a>.<\/strong><\/p>\n\n\n\nThe bill, rebranded the Children\u2019s Social Media Safety Act, forces operating system providers to prompt every account holder for a birth date, age, or both at account setup by January 2028. That age data then gets passed to apps as a signal. Miss the prompt, and the device stays locked. The only real escape is a paid family account where the primary holder has already been verified as an adult using, in the bill\u2019s own language, \u201ccommercially available methods that are reasonably designed to ensure accuracy.\u201d<\/p>\n\n\n\n
What those methods actually are, the bill leaves to the market to figure out.<\/p>\n\n\n\n
Government-issued ID checks. Face scans. Credit card matching. Third-party identity brokers. All of them have been pitched as \u201ccommercially available\u201d age verification, and all of them require the OS vendor, or a contractor working for them, to collect identifying information about adults who just want to set up a laptop.<\/p>\n\n\n\n
The law says operating systems should send \u201conly the minimum amount of information necessary.\u201d It says nothing similar about the companies standing up the verification pipeline behind it.<\/p>\n\n\n\n
Rep. Jennifer Gong-Gershowitz, a Glenview Democrat and the chief sponsor, framed the bill as a privacy upgrade. \u201cRather than transmitting data about a child\u2019s birthday directly to each app, House Bill 5511 gives parents the peace of mind that comes from knowing that their child is not being fed addictive content in a way that does not compromise their privacy,\u201d she said.<\/p>\n\n\n\n
The move the bill actually makes is subtler. It relocates the age gate from individual apps, where users could lie about their birth year and often did, to the operating system, where lying is harder because the OS is the thing most likely to be tied to a verified adult account, a payment method, or a device registration.<\/p>\n\n\n\n
Gong-Gershowitz pitched the bill as overdue. She told a committee hearing last month that the issue \u201cprobably is an issue that parents are battling with on a daily basis\u201d and \u201cone that has been rapidly evolving, but we have been far too slow to regulate.\u201d On the House floor she argued, \u201cWe\u2019ve been a little bit too late to the game to talk seriously about how do we protect children\u2019s mental health and children\u2019s safety online.\u201d<\/p>\n\n\n\n
The bill creates four age buckets the operating system must sort users into. The statute defines \u201cage bracket data\u201d as information indicating \u201c(1) whether a user is under 13 years of age; (2) whether the user is at least 13 years of age and under 16 years of age; (3) whether the user is at least 16 years of age and under 18 years of age; or (4) whether the user is at least 18 years of age.\u201d<\/p>\n\n\n\n
Every covered \u201cInternet-enabled device,\u201d defined by the bill as \u201ca smartphone, tablet, or personal laptop or desktop computer,\u201d must pass that signal along to any app that asks.<\/p>\n\n\n\n
The paid family account carveout is narrower than it first appears. To qualify, a platform has to meet four conditions, including that it \u201crequires a paid subscription or account creation with payment method verification as the platform\u2019s primary business model\u201d and that it \u201cverifies that the primary account holder is an adult using commercially available methods that are reasonably designed to ensure accuracy.\u201d The bill offers no list of what those methods are. That blank space is where the actual identity infrastructure gets built, and it gets built by whoever wins the contract.<\/p>\n\n\n\n
The default settings for minors, in the bill\u2019s own text, are limited to two things. A covered operator must configure the platform so that no user already disconnected from the minor may \u201cview the precise geolocation information of the minor if a covered platform provides a mechanism by which users share their location on the platform\u201d or \u201creceive or send gifted currency to the minor.\u201d<\/p>\n\n\n\n
\u201cPrecise geolocation information\u201d is defined as data that \u201cdirectly identifies the specific location of a natural person with precision and accuracy within a radius of 1,750 feet.\u201d Earlier press summaries describing broader profile restrictions and blanket bans on stranger transactions compressed a narrower statutory text.<\/p>\n\n\n\n
The nighttime notification ban is real and sits in Section 15(g). It is \u201cunlawful for an addictive social media platform to, between the hours of 10 p.m. and 7 a.m., send notifications concerning an addictive feed to a covered user\u201d unless the platform knows the user is an adult or has \u201cobtained verifiable parental consent.\u201d The state is now in the business of telling platforms when they may ping a teenager\u2019s phone.<\/p>\n\n\n\n
The definition of \u201caddictive feed\u201d runs nearly two full pages of the bill and carves out eight exceptions, including feeds based on \u201cuser-selected privacy or accessibility settings\u201d and media the user \u201cexpressly and unambiguously requested.\u201d What counts as an addictive feed, and therefore what gets banned by default for every minor in Illinois, comes down to how an enforcement-minded attorney general reads those exceptions. The civil penalty is \u201cnot more than $2,500 for each affected child for each negligent violation or not more than $7,500 for each affected child for each intentional violation,\u201d recoverable only by the Attorney General.<\/p>\n\n\n\n
Two provisions in Section 15 are worth reading together. Subsection (l) says nothing in the Act \u201cshall be construed as preventing access to information regarding sex, sexuality, gender, and reproductive health that is not already prohibited by existing law.\u201d<\/p>\n\n\n\n
Subsection (m) permits platforms to restrict, in good faith, material they \u201cconsider obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not the material is constitutionally protected.\u201d One clause says the law doesn\u2019t limit health information. The next says platforms can block constitutionally protected speech at their discretion, with the state\u2019s blessing. Both clauses live in the same bill.<\/p>\n","protected":false},"excerpt":{"rendered":"
Yet another state law for ID and age verification on install or first setup. Well, we know Meta and other tech megacorps are behind these laws and why they’re so similar. But it’s all a creep towards digital ID and not being able to access the internet without being identified. And these big fines are […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-16907","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=16907"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16907\/revisions"}],"predecessor-version":[{"id":16908,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16907\/revisions\/16908"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=16907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=16907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=16907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Laptop](\"https:\/\/reclaimthenet.org\/wp-content\/uploads\/2026\/04\/OHBJSH25M2lR-scaled.jpg\")
<\/figure>\n\n\n\n