Sammy’s Law

This bill aims to help parents keep kids safer on large social media platforms. It would make big platforms open secure, real-time connections that approved safety apps can use when a parent—or a child age 13 or older—gives permission. With that permission, the app can manage the child’s interactions, content, and account settings and receive the child’s data as often as every hour to look for risks. The goal is to protect kids from harms like cyberbullying, trafficking, illegal drugs, sexual harassment, and violence . Platforms must tell the child and parent what data is being shared and keep transfers secure, and any control by the safety app is limited to protecting the child, such as improving privacy and marketing settings.

Safety app companies must register with the Federal Trade Commission (FTC), be based in the U.S., store data only in the U.S., delete it quickly, and use it only to protect the child. They face security reviews and yearly independent checks. These apps can share data only in limited cases—like with parents to warn about serious risks such as self-harm, violence, sexual abuse, fraud, or trafficking—or when required by law or to prevent an immediate threat. The FTC enforces the rules, will accept complaints, and will issue guidance; the law starts when that guidance is issued .

• Who is affected: Children under 17 with social media accounts, their parents or legal guardians, large social media platforms, and third‑party safety app companies.
• What changes for platforms: Build and maintain these access tools within 30 days of the effective date (or within 30 days of becoming a large platform), provide hourly data transfers, notify families about what is shared, follow secure-transfer policies, and they are protected from damages for these transfers if they act in good faith with the law and FTC guidance .
• What changes for families: A parent—or a child age 13+—can give and revoke access to a safety app. Families can file complaints with the FTC if a platform or safety app breaks the rules .
• When: The FTC must issue guidance within 180 days; the law takes effect on the day that guidance comes out; platforms then have 30 days to comply .
• One national standard: States cannot set different rules about these access tools, but state consumer protection and other basic laws (like fraud and data-breach notice) still apply.