Washington – The Computer & Communications Industry Association is testifying and submitted comments to Vermont lawmakers expressing concerns over the Vermont Age-Appropriate Design Code Act (VAADC) (S. 69/H. 210), a bill that raises significant questions about privacy, data security, and First Amendment rights for young users.
While the new legislation has improved certain provisions since a similar measure was vetoed last year, the VAADC continues to require de facto age assessment measures that could compromise personal data, restrict internet access for minors, and create conflicts with Vermont’s broader data privacy efforts. These ongoing issues highlight the need for lawmakers to carefully reconsider the bill’s unintended consequences before moving forward.
The legislation would require a broad range of covered businesses to collect additional personal data from Vermont residents to determine users’ ages.
Additionally, the VAADC continues to raise serious constitutional concerns by restricting children’s online access, which could violate their First Amendment protections. Many young users rely on online services for educational content, peer support, and critical resources that may not be available in their local communities. Restricting access through broad age assurance provisions could unintentionally prevent children from seeking the information and support they need.
The following statement can be attributed to Megan Stokes, State Policy Director for CCIA:
“While we appreciate Vermont lawmakers’ efforts to refine the VAADC, the bill still presents serious concerns about privacy, free expression, and regulatory conflicts. Age assurance would require covered businesses to collect more personal data, weakening the very privacy protections Vermont is working to strengthen. Additionally, similar laws in other states have faced legal challenges over constitutional compliance issues, and this bill would likely force Vermont taxpayers to bear the cost of similar litigation.
“We urge Vermont legislators to take a careful, measured approach and ensure that any legislation supports both online safety and strong data privacy protections — without infringing on users’ rights or imposing costly legal risks on the state.”
