New 'Dont Sell Kids Data Act' Sets $1,000 Minimum Fine Per Violation Against Data Brokers

If you’ve ever wondered who is tracking your kid’s every click and scroll online, this bill is aimed squarely at cutting off the supply chain. The “Dont Sell Kids Data Act of 2025” prohibits data brokers—those companies that scoop up personal info from various places and sell it—from collecting, using, or selling the personal data of anyone under 18. This protection covers children (under 13) and teens (aged 13 to 17), and it goes into effect 180 days after becoming law.

Cutting the Data Cord

This isn't just a slap on the wrist; it’s a full shut-down notice. The bill requires data brokers to delete any existing personal data they already have on minors. Think of it like this: if you’re a parent, or a teen yourself, you can now demand that these companies scrub your information from their files. The bill mandates that data brokers create a clear, public mechanism for deletion requests. Once that request is submitted, the broker has just 10 days to find, delete, and confirm the removal of the personal data. This is a huge deal because it puts the burden of proof and action squarely on the data sellers, not the consumer.

The Enforcement Hammer: Why This Law Has Teeth

What makes this legislation stand out is the strength of its enforcement. First, the Federal Trade Commission (FTC) can go after violators for unfair and deceptive practices. State Attorneys General can also sue on behalf of their residents. But the biggest game changer is the Private Right of Action (Section 2). This means if a data broker violates the law regarding your child’s or your own data (if you’re a teen), you can sue them directly in federal court. You don't need to prove financial harm; the violation itself counts as a concrete injury.

If you win, the court must award you at least $1,000 for each violation, plus attorney’s fees. If the court finds the broker willfully or knowingly broke the rule, that penalty can be tripled. Furthermore, the bill explicitly states that your right to sue cannot be waived by any fine print, like a mandatory arbitration clause in a terms of service agreement. This is critical because it prevents companies from burying their liability in long, unreadable contracts, giving regular people a real shot at accountability.

The Fine Print: Where the Loopholes Might Hide

While this bill is a huge win for digital privacy, especially for younger generations, a couple of details might create some friction during implementation. The entire system hinges on the data broker “knowing” the individual is a minor. The bill defines “knows” as having actual knowledge or knowledge “fairly implied by objective circumstances.” What exactly counts as “objective circumstances” is going to be the battleground. Data brokers will likely argue they didn’t have enough information to know a user was 17, not 18, creating a fuzzy line for enforcement.

Another potential issue lies in the definition of a “Data Broker.” The law excludes entities whose primary product isn't data, as well as service providers collecting data directly from the individual. This means large social media platforms or search engines that monetize data but claim their primary product is “social networking” or “search” might try to argue they are exempt, even though they collect massive amounts of data on minors. Still, for the companies whose sole business model is buying and selling profiles, this act puts them on notice: if you’re trading in kids’ data, you’re facing serious financial risk.