House committee substitute to the 1st edition makes the following changes.
Amends new GS 75-70 as follows. Amends the items that are specifically excluded from the definition of social media platform, covered platform, or platform as include among the exclusions: (1) includes a wireless messaging service provided through a functional equivalent to a short messaging service or multimedia messaging service protocols; (2) video game services primarily designed to serve as a platform to play video games (was, those specifically designed to serve as a platform to solely play video games); (3) online shopping or e-commerce services primarily designed for that purpose (was, specifically designed for that sole purpose); and (4) adds in a community forum where the primary purpose is for customer self-service support related to products, sellers, services, events, or places or any combination. Makes an additional technical change.
Amends GS 75-71 by adding the requirement that a social media platform annually, beginning in 2026, provide the Consumer Protection Division (Division) of the Department of Justice with a digital copy of the platform’s privacy policy and certification that the platform has complied with the statute’s requirements. Requires platforms to give notice of substantive privacy policy changes to the registry. Requires the Division to keep a registry of those policies and certifications in its website. Also makes a clarifying change.
Amends GS 75-72 by making a technical change.
Amend GS 75-73 by changing the date for which a platform’s violations of the Article is an unfair or deceptive act or practice, so that it is now effective January 1, 2027 (was, 2026).
Amends GS 75-74 by changing the date of the Task Force’s first annual report to the NCGA from March 15, 2026, to March 15, 2027.
Changes the effective date provision by making technical changes.
Bill Summaries: H 860 SOCIAL MEDIA CONTROL IN IT ACT.
Printer-friendly: Click to view
-
Bill H 860 (2025-2026)Summary date: Jun 17 2025 - View Summary
-
Bill H 860 (2025-2026)Summary date: Apr 9 2025 - View Summary
Substantively identical to S 514, and filed 3/25/25.
Enacts Article 2B to GS Chapter 75 to be cited as the "Social Media Control in Information Technology Act". Includes 13 defined terms. States legislative findings and establishes State policy concerning user data on social media platforms. Defines social media platform (platform) as an electronic medium with more than one million monthly active users in the US that functions as a social media service; excludes nine specified services.
Establishes the following requirements for platforms. Specifies that the platform must provide disclosure, when the user first initializes their use or after a six-month period of inactivity and in the format described, regarding their collection and use of personal information and how users can exercise their rights and choices on the platform. Requires platforms to obtain user consent before the platform collects any user-related data on the user. Further requires platforms to provide disclosure, available upon receipt of a verifiable consumer request, detailing the categories of information collected and sources from which the information is collected; the purpose for the collection, selling, or sharing of personal information; the categories of third-party to whom the business discloses personal information; and the specific pieces of information it has collected about that user. Establishes two qualifications for using personal information in algorithmic recommendations, including that the platform reasonably determines the user is not a minor and the user is notified and expressly consents to its use. Requires platforms provide users the ability to alter, change, and delete the categories of personal information used in an algorithmic recommendation system that is modifiable at any time. Bars use of categories users intend not to be used in an algorithmic recommendation system. Prohibits discrimination against users exercising rights under the Article in provision of functionality or features of the platform unless the use of user-related data in an algorithmic recommendation system is reasonably necessary to the feature or functionality. Mandates that platforms establish comprehensive and effective controls to ensure that a minor's personal information is not used in any algorithmic recommendation system, with three exceptions listed, including recommending or presenting content from accounts that a user follows in reverse chronological order or a similar method. Deems the operator of the platform liable for violations of the statute. Provides immunity where the platform made an estimation of a user's age based on the user's self-attestation that the person was not a minor.
Requires platforms to configure all privacy settings to be available to minors and default to the highest level of privacy, unless the business can demonstrate a compelling reason that a different setting is in the best interest of minors. Includes six settings that must comply with this requirement. Requires platforms to provides users with accessible mechanisms to request correction or deletion of personal information about the user. Describes requirements and recordkeeping regarding these user requests. Establishes three rights specific to minors using platforms, as specified: right to protection from manipulative design; right to transparency; and right to protection from personalized recommendation systems. Provides the operation is potentially liable for violations of the statute.
Deems violations of the Article an unfair or deceptive act or practice under state law, effective January 1, 2026. Charges the Attorney General with monitoring compliance. Permits users to make compliance complaints and authorizes the Attorney General to bring a civil action where it is believed the noncompliance has or threatens the interest of State residents. Allows minors to file a civil action if they are affected by any covered platform found to be in violation of the Article. Where the Attorney General brings an action and prevails where a minor is affected, provides specific relief available to the court.
Establishes the 21-member Data Privacy Task Force (Task Force) within the Department of Justice. Details membership, appointment, meetings, and vacancies. Sets member terms to two years. Directs the Task Force to annually report to the NCGA on its work as specified, beginning March 15, 2025.
Effective October 1, 2026.
Appropriates $100,000 to the Department of Justice for each year of 2025-27 to develop the registry created by the act. Effective July 1, 2025.