Privacy & Cybersecurity Law Blog

Alabama Governor Kay Ivey recently signed Alabama House Bill 161, the App Store Accountability Act (“the Act”), into law. The Act establishes age categorization, age verification and parental consent requirements applicable to mobile application marketplace providers operating in Alabama. The Act takes effect January 1, 2027.

Key Requirements

• Age Categorization and Verification. App store providers must request age category information from Alabama users at account creation. The Act defines four age categories: under 13; 13–15; 16–17; and 18+. Existing accounts as of October 2, 2026, must be categorized and verified by October 1, 2027. Verification must be conducted using commercially reasonable methods or pursuant to rules adopted by the Alabama Attorney General.
• Parental Consent. If a user is under 18, the provider must affiliate the minor’s account with a verified parent account and obtain verifiable parental consent before the minor may download an app, purchase an app or make in-app purchases. Parents must be permitted to withdraw consent, and developers must be notified of such withdrawal.
• Significant App Changes. Developers must notify app stores of certain material changes, including significant revisions to terms of service, privacy policies that alter data collection categories, monetization practices or age ratings. For minor users, renewed parental consent is required before continued access to a materially changed app.
• Data Handling. Providers must limit the collection and processing of personal age verification data to what is necessary for compliance and must transmit such data using industry-standard encryption. Age category data may only be shared with developers as permitted under the Act.
• Developer Obligations. Developers must use age category data to enforce age-based restrictions and may not request such data more than once every 12 months, absent special circumstances.

Enforcement

The Alabama Attorney General is authorized to enforce the Act. Knowing or reckless violations are treated as deceptive trade practices under Alabama law and may result in civil penalties as permitted by statute. The Act does not create an express private right of action.