Florida Senate - 2026 SB 1722
By Senator Calatayud
38-01471-26 20261722__
1 A bill to be entitled
2 An act relating to application stores; providing a
3 short title; creating s. 501.1733, F.S.; defining
4 terms; requiring an app store provider to take certain
5 steps to verify the ages of individuals who create or
6 who have existing accounts with the app store
7 provider; providing parental consent requirements for
8 accounts created or held by minors; providing
9 notification and consent requirements for apps that
10 have been significantly changed; requiring the app
11 store provider to provide age category data and
12 parental consent information to developers upon
13 request; requiring app store providers to take certain
14 steps to protect specified personal information;
15 prohibiting app store providers from enforcing
16 contracts or terms of service against a minor under
17 certain circumstances, knowingly misrepresenting
18 certain information, or sharing age category data;
19 requiring developers to take certain steps to verify
20 age information and to comply with certain measures;
21 providing limits on and requirements for developers
22 requesting age data; prohibiting developers from
23 enforcing contracts or terms of service against a
24 minor under certain circumstances, knowingly
25 misrepresenting certain information, or sharing age
26 category data; authorizing minors, or the parents of
27 minors, to bring civil actions against app store
28 providers or developers for violations of the act;
29 authorizing courts to award prevailing plaintiffs with
30 specified damages, fees, and costs; providing that a
31 violation of this act is an unfair and deceptive trade
32 practice; authorizing the Department of Legal Affairs
33 to bring an action against app store providers and
34 developers; providing jurisdiction; requiring the
35 department to adopt specified rules; providing
36 applicability; providing construction; providing for
37 severability; providing an effective date.
38
39 Be It Enacted by the Legislature of the State of Florida:
40
41 Section 1. This act may be cited as the “App Store
42 Accountability Act.”
43 Section 2. Section 501.1733, Florida Statutes, is created
44 to read:
45 501.1733 Application stores.—
46 (1) DEFINITIONS.—As used in this section, the term:
47 (a) “Account holder” means an individual associated with a
48 mobile device.
49 (b) “Age category” means one of the following categories of
50 individuals, based on age:
51 1. A child, which means an individual who is under 13 years
52 of age;
53 2. A younger teenager, which means an individual who is at
54 least 13 years of age and under 16 years of age;
55 3. An older teenager, which means an individual who is at
56 least 16 years of age and under 18 years of age; or
57 4. An adult, which means an individual who is at least 18
58 years of age.
59 (c) “Age category data” means information about an account
60 holder’s age category collected by an app store provider and
61 shared with a developer.
62 (d) “Age rating” means one or more classifications that
63 assess the suitability of an app’s content and functions for
64 different age categories.
65 (e) “App” means a software application or electronic
66 service that a user may run or direct on a mobile device. The
67 term includes preinstalled applications.
68 (f) “App store” means any publicly available website,
69 software application, or electronic service that allows an
70 account holder to download an app from a third-party developer
71 onto a mobile device.
72 (g) “App store provider” means a person that owns,
73 operates, or controls an app store.
74 (h) “Content description” means a description of the
75 specific content elements or functions that informed an app’s
76 age rating.
77 (i) “Department” means the Department of Legal Affairs.
78 (j) “Developer” means a person that owns or controls an app
79 made available through an app store or an app preinstalled onto
80 a mobile device.
81 (k) “Knowingly” mean to act with actual knowledge or to act
82 with knowledge fairly inferred based on objective circumstances.
83 (l) “Minor” means, unless the individual is married or
84 legally emancipated, an individual under 18 years of age.
85 (m) “Minor account” means an account with an app store
86 provider, established by an individual who is a minor, which is
87 affiliated with a parent account.
88 (n) “Mobile device” means a phone or general-purpose tablet
89 that:
90 1. Provides cellular or wireless connectivity;
91 2. Is capable of connecting to the Internet;
92 3. Runs a mobile operating system; and
93 4. Is capable of running apps through the mobile operating
94 system.
95 (o) “Mobile operating system” means software that:
96 1. Manages mobile device hardware resources;
97 2. Provides common services for mobile device programs;
98 3. Controls memory allocation; and
99 4. Provides interfaces for apps to access device
100 functionality.
101 (p) “Parent” means, with respect to a minor, an individual
102 reasonably believed to be a parent, a legal guardian, an
103 individual with legal custody, or any other individual who has
104 the legal authority to make decisions on behalf of the minor
105 under applicable state law.
106 (q) “Parent account” means an account with an app store
107 provider which:
108 1. Is verified to be established by an individual who the
109 app store provider has determined is at least 18 years of age or
110 married or emancipated through the app store provider’s age
111 verification methods; and
112 2. May be affiliated with one or more minor accounts.
113 (r) “Parental consent disclosure” includes the following
114 information:
115 1. If the app store provider has an age rating for the app
116 or in-app purchase, the app’s or in-app purchase’s age rating;
117 2. If the app store provider has a content description for
118 the app or in-app purchase, the app’s or in-app purchase’s
119 content description;
120 3. A description of:
121 a. The personal data collected by the app from an account
122 holder in compliance with, if applicable, part V of this
123 chapter; and
124 b. The personal data shared by the app and the methods
125 implemented by the developer to protect the personal data,
126 including, if the app meets the definition of a controller under
127 s. 501.702, the methods implemented by the developer to comply
128 with part V of this chapter; and
129 4. Whether personal data is collected by the app and the
130 methods implemented by the developer to protect the personal
131 data, and, if the app meets the definition of a controller under
132 s. 501.702, the methods implemented by the developer to comply
133 with part V of this chapter.
134 (s) “Preinstalled application” means any app, or portion
135 thereof, which is present on a mobile device at the time of
136 purchase, initial activation, or first use by the consumer,
137 including browsers, search engines, and messaging, but excluding
138 core operating system functions, essential device drivers, and
139 applications necessary for basic device operation such as phone
140 call, settings, and emergency service applications. The term
141 includes apps, or portions thereof, installed or partially
142 installed by the device manufacturer, wireless service provider,
143 retailer, or any other party before purchase, initial
144 activation, or first use by the consumer and which may be
145 updated thereafter.
146 (t) “Significant change” means a material modification to
147 an app’s terms of service or privacy policy which:
148 1. Changes the categories of data collected, stored, or
149 shared;
150 2. Alters the app’s age rating or content descriptions; or
151 3. Introduces in-app purchases where in-app purchases were
152 not previously present or introduces advertisements where
153 advertisements were not previously present in the app.
154 (u) “Verifiable parental consent” means authorization that:
155 1. Is provided by a parent account;
156 2. Is given after the app store provider has clearly and
157 conspicuously provided the parental consent disclosure as part
158 of the app download, purchase, or in-app purchase process; and
159 3. Requires the parent to make an affirmative choice to
160 grant consent or decline consent.
161 (2) APP STORE PROVIDERS.—
162 (a) An app store provider shall do all of the following:
163 1. At the time an individual located in this state creates
164 an account with the app store provider, or for existing
165 accounts, by July 1, 2028, request age category information from
166 the individual and verify the individual’s age category using:
167 a. Commercially available methods reasonably designed to
168 ensure accuracy; or
169 b. An age verification method or process that complies with
170 department rule.
171 2. If the app store provider determines the individual is a
172 minor, require that the account be affiliated with a parent
173 account and obtain verifiable parental consent from the holder
174 of the affiliated parent account each time before allowing the
175 minor to download an app, purchase an app, or make an in-app
176 purchase.
177 3. After receiving notice of a significant change from a
178 developer, notify the account holder of the significant change
179 and, for a minor account, notify the parent account and obtain
180 renewed verifiable parental consent before providing access to
181 the significantly changed version of the app.
182 4. Provide to a developer, in response to a request
183 authorized under subsection (3), age category data for an
184 account holder located in this state and the status of
185 verifiable parental consent for a minor located in this state.
186 5. Provide a mechanism for a parent account to withdraw
187 consent and notify a developer when a parent revokes verifiable
188 parental consent.
189 6. Protect age category data and any associated
190 verification data by:
191 a. If applicable, complying with s. 501.1735;
192 b. Limiting collection and processing to data necessary for
193 verifying an account holder’s age category, obtaining verifiable
194 parental consent, or maintaining compliance records; and
195 c. Transmitting age category data using industry-standard
196 encryption protocols that ensure data integrity and data
197 confidentiality.
198 7. For preinstalled apps, provide available age category
199 information in response to a request from a developer and take
200 reasonable measures to facilitate verifiable parental consent
201 for use of the app in response to a request from a developer.
202 (b) An app store provider may not:
203 1. Enforce a contract or terms of service against a minor
204 unless the app store provider has obtained verifiable parental
205 consent;
206 2. Knowingly misrepresent the information in the parental
207 consent disclosure; or
208 3. Share age category data and any associated data except
209 as required by this section or otherwise required by law.
210 (3) DEVELOPERS.—
211 (a) A developer shall:
212 1. Verify through the app store’s data-sharing methods the
213 age category data of account holders located in this state, and
214 for a minor’s account, whether verifiable parental consent has
215 been obtained;
216 2. Notify app store providers of significant changes to an
217 app;
218 3. Use age category data received through the app store’s
219 data-sharing methods to enforce any developer-created, age
220 related restrictions, safety-related features, or defaults, and
221 to enforce compliance with applicable laws and regulations; and
222 4. Request any age category data or verifiable parental
223 consent at the time an account holder downloads an app,
224 purchases an app, or launches a preinstalled app for the first
225 time; when implementing a significant change to the app; or to
226 comply with applicable law.
227 (b) A developer may request age category data:
228 1. No more than once during each 12-month period to verify
229 the accuracy of age category data associated with an account
230 holder or the continued account use within an age category
231 listed in paragraph (1)(b);
232 2. When there is reasonable suspicion of an account
233 transfer or misuse outside of the age category; or
234 3. At the time an account holder creates a new account with
235 the developer.
236 (c) When implementing any developer-created, age-related
237 restrictions, safety-related features, or defaults, a developer
238 must use the lowest age category listed in paragraph (1)(b)
239 indicated by age category data received through the app store’s
240 data-sharing methods or age data independently collected by the
241 developer.
242 (d) A developer may not:
243 1. Enforce a contract or terms of service against a minor
244 unless the developer has verified through an app store’s data
245 sharing methods that verifiable parental consent has been
246 obtained;
247 2. Knowingly misrepresent any information in the parental
248 consent disclosure; or
249 3. Share age category data with any person.
250 (4) ENFORCEMENT.—
251 (a) A minor who has been harmed by a violation of this
252 section, or such minor’s parent, may bring a civil action
253 against an app store provider or a developer. In such action,
254 the court shall award a prevailing plaintiff:
255 1. The greater of actual damages or $1,000 for each
256 violation;
257 2. Punitive damages if the violation was egregious;
258 3. Reasonable attorney fees; and
259 4. Litigation costs.
260 (b) A violation of this section is an unfair and deceptive
261 trade practice actionable under part II of this chapter by the
262 department. The department may bring an action against an app
263 store provider or a developer to:
264 1. Recover a civil penalty not to exceed $7,500 for each
265 violation;
266 2. Restrain or enjoin the app store provider or developer
267 from violating this section;
268 3. Seek injunctive relief;
269 4. Recover reasonable attorney fees; and
270 5. Recover litigation costs and the costs of investigating
271 the violation.
272 (c) For the purpose of bringing an action pursuant to this
273 section, ss. 501.211 and 501.212 do not apply.
274 (5) JURISDICTION.—For purposes of bringing an action
275 pursuant to this section, any person who meets the definition of
276 an app store provider or developer which operates or develops an
277 app store or app likely to be accessed by minors and accessible
278 by minors located in this state is considered to be both engaged
279 in substantial and not isolated activities within this state and
280 operating, conducting, engaging in, or carrying on a business
281 and doing business in this state, and is therefore subject to
282 the jurisdiction of the courts of this state.
283 (6) RULES.—The department shall adopt rules to establish
284 definite processes and means by which an app store provider may
285 verify an account holder’s age category in accordance with this
286 section.
287 (7) SAFE HARBOR; APPLICABILITY.—
288 (a) A developer is not liable for a violation of this
289 section if the developer demonstrates that the developer:
290 1. Relied in good faith on applicable age category data
291 received through an app store’s data-sharing methods;
292 2. Relied in good faith on notification from an app store
293 provider that verifiable parental consent was obtained if the
294 account holder was a minor; and
295 3. Complied with the requirements of subsection (3).
296 (b) In determining an app’s age rating and content
297 description for purposes of this section, a developer is not
298 liable for a violation of this section if the developer uses
299 widely adopted industry standards to determine the app’s age
300 category and content description and applies those standards
301 consistently and in good faith.
302 (c) This subsection applies only to actions brought under
303 this section and does not limit a developer’s or app store
304 provider’s liability under any other applicable law.
305 (d) This section does not displace any other available
306 rights or remedies authorized under federal or Florida law.
307 (8) CONSTRUCTION.—This act may not be construed to do any
308 of the following:
309 (a) Prevent an app store provider or developer from taking
310 reasonable measures to block, detect, or prevent distribution to
311 minors of unlawful material, obscene material, or other harmful
312 material; block or filter spam; prevent criminal activity; or
313 protect app store or app security.
314 (b) Require an app store provider to disclose user
315 information to a developer beyond age category data or status of
316 parental consent.
317 (c) Allow an app store provider or developer to implement
318 measures required by this section in a manner that is arbitrary,
319 capricious, anticompetitive, or unlawful.
320 (d) Require an app store provider or developer to obtain
321 verifiable parental consent for an app that:
322 1. Provides direct access to emergency services, including
323 911, crisis hotlines, or emergency assistance services, legally
324 available to minors;
325 2. Limits data collection to information necessary to
326 provide emergency services in compliance with the Children’s
327 Online Privacy Protection Act, 15 U.S.C. s. 6501 et seq.;
328 3. Provides access without requiring account creation or
329 collection of unnecessary personal information; and
330 4. Is operated by or in partnership with a governmental
331 entity, a nonprofit organization, or an authorized emergency
332 service provider.
333 (e) Require a developer to collect, retain, reidentify, or
334 link any information beyond what is necessary to verify age
335 category data as required by this section, and what is
336 collected, retained, reidentified, or linked in the developer’s
337 ordinary course of business.
338 (f) Require an app store provider or developer to block
339 access to an application that an account holder has downloaded
340 or installed onto a mobile device before July 1, 2027, except to
341 the extent that a parent account revokes verifiable consent for
342 an affiliated minor account or there has been a significant
343 change to the application.
344 Section 3. If any provision of this act or its application
345 to any person or circumstance is held invalid, the invalidity
346 does not affect other provisions or applications of this act
347 which can be given effect without the invalid provision or
348 application, and to this end the provisions of this act are
349 severable.
350 Section 4. This act shall take effect July 1, 2027.