The Vermont Statutes Online
The Statutes below include the actions of the 2025 session of the General Assembly.
NOTE: The Vermont Statutes Online is an unofficial copy of the Vermont Statutes Annotated that is provided as a convenience.
Title 9 : Commerce and Trade
Chapter 062 : Protection of Personal Information
Subchapter 006 : VERMONT AGE-APPROPRIATE DESIGN CODE ACT
(Cite as: 9 V.S.A. § 2449d)-
§ 2449d. Required default privacy settings and tools [Effective January 1, 2027]
(a) Default privacy settings.
(1) A covered business shall configure all default privacy settings provided to a covered minor through the online service, product, or feature to the highest level of privacy, including the following default settings:
(A) not displaying the existence of the covered minor’s account on a social media platform to any known adult user unless the covered minor has expressly and unambiguously allowed a specific known adult user to view their account or has expressly and unambiguously chosen to make their account’s existence public;
(B) not displaying media created or posted by the covered minor on a social media platform to any known adult user unless the covered minor has expressly and unambiguously allowed a specific known adult user to view their media or has expressly and unambiguously chosen to make their media publicly available;
(C) not permitting any known adult users to like, comment on, or otherwise provide feedback on the covered minor’s media on a social media platform unless the covered minor has expressly and unambiguously allowed a specific known adult user to do so;
(D) not permitting direct messaging on a social media platform between the covered minor and any known adult user unless the covered minor has expressly and unambiguously decided to allow direct messaging with a specific known adult user;
(E) not displaying the covered minor’s location to other users, unless the covered minor expressly and unambiguously shares their location with a specific user;
(F) not displaying the users connected to the covered minor on a social media platform unless the covered minor expressly and unambiguously chooses to share the information with a specific user;
(G) disabling search engine indexing of the covered minor’s account profile; and
(H) not sending push notifications to the covered minors.
(2) A covered business shall not:
(A) provide a covered minor with a single setting that makes all of the default privacy settings less protective at once; or
(B) request or prompt a covered minor to make their privacy settings less protective, unless the change is strictly necessary for the covered minor to access a service or feature they have expressly and unambiguously requested.
(b) Timely deletion of account. A covered business shall:
(1) provide a prominent, accessible, and responsive tool to allow a covered minor to request the covered minor’s account on a social media platform be unpublished or deleted; and
(2) honor that request not later than 15 days after a covered business receives the request. (Added 2025, No. 63, § 1, eff. January 1, 2027.)
