Twin bills violating privacy stopped in their tracks by grassroots watchdogs

By Patrice Johnson, Chair and Co-Founder, Michigan Fair Elections Institute

April 9, 2026

Last week, two identical bipartisan bills were moving concurrently through the Michigan House and Senate. One was on its second reading in committee. Both were on track for speedy approval in both chambers and then signature on the governor’s desk. Michigan was following in Louisiana’s footsteps, where similar legislation had passed 99-0. Then, over Easter weekend, MFEI, PIME, and a team of grassroots watchdogs took a close look at what the bills actually said. By Tuesday, April 8, the sponsors had withdrawn both bills.

House Bill 4429 and Senate Bill 284 — identical bills, titled the Digital Age Assurance Act and introduced as child safety legislation — are now dead in the water.

The bills would have required every device manufacturer and operating system to “determine or estimate” every user’s age at device activation and then broadcast a continuous digital age signal — sorted into four brackets — to every app, website, and online service on that device. The bills contained no data minimization requirement, no deletion requirement, and no restriction on combining that signal with location data, purchase history, or browsing records.

Both primary sponsors responded constructively to the analysis, and we are deeply grateful for their seriousness and their willingness to engage. It takes genuine commitment to constituents for representatives to receive critical analysis of one’s own legislation and choose careful revision over defensiveness. We look forward to working with Rep. Brad Paquette (R-Niles) and Sen. John Cherry (D-Flint) on a stronger replacement.

Representative Gina Johnsen, (R-Dist. 78), a co-sponsor of HB 4429, responded to this writer within four hours, expressing high praise for MFEI:

What the Bills Actually Said

The infrastructure these bills would have created is a persistent, always-on identity layer baked into the operating system (OS) of every device in Michigan, with no accompanying privacy protections.

Twenty states have enacted comprehensive consumer data privacy laws, and Michigan is not currently one of them. These bills would not have improved that standing; they would have deepened the gap and reaped long-term negative effects on fair elections.

The most consequential provision was Section 13(4), which stated that a covered manufacturer is not liable if it has taken commercially reasonable steps to estimate the user’s age. Understanding why that matters requires some background.

Meta Platforms — parent company of Facebook and Instagram — is a defendant in lawsuits filed by 42 state attorneys general. A 2023 unsealed complaint revealed Meta had received over 1.1 million internal reports of users under 13 on its platforms between 2019 and 2023.

Under the Children's Online Privacy Protection Act (COPPA), a United States federal law enacted in 1998, liability turns on the word “knowingly.” Legal analysts estimate Meta’s potential exposure at more than $50 billion. Under these bills, a social media platform receiving an adult age signal from a device maker could argue it had no independent basis to know a user was underage.

Meta is classified as a social media platform — not a “covered manufacturer,” meaning it would have faced zero new requirements under either bill as written.

Questions about the Organization Promoting the Bills

MFEI’s team also examined the Digital Childhood Alliance, the national organization promoting this legislation across more than 20 states. Its IRS filing (EIN 33-2669790) reported less than $25,000 in gross receipts for 2024, the minimum threshold, despite coordinating a multi-state campaign, retaining attorneys to draft model legislation, and testifying before state legislatures.

The group’s website domain was registered December 18, 2024, and the fully formed site went live the following day. Bloomberg and the Deseret News both confirmed Meta funds the organization. Its executive director, questioned under oath at a Louisiana Senate hearing, acknowledged tech company funding but declined to name the sources. In Louisiana, the primary sponsor of an identical bill confirmed a Meta lobbyist delivered the bill text directly to her office. Michigan’s bills were very similar to this document.

Team leader Eric Rasmussen, Privacy Advocate & Virtualization and Cloud Engineer, University of Michigan, Ann Arbor, used an AI tool to independently compare Michigan’s bill to California’s equivalent. Without any prompt as to its origins, the AI analysis concluded:

What MFEI Did, and What Resulted

On April 4, MFEI distributed its findings to legislators and allied organizations across Michigan. Eric Rasmussen coordinated outreach to Senate committee members. This writer reached out to House sponsors, committee members, and allied organizations at the state and national levels. Despite the holiday weekend, responses flooded in from across the spectrum.

Then came the good news. On April 6, Katherine Bussard, Executive Director of Salt & Light Global, confirmed the House bill was withdrawn. Sponsors Rep. Paquette and Sen. Cherry were working on a revised version.

Where Things Stand Now

MFEI is now working with the sponsors and Bussard’s team to develop a genuine alternative. We have shared our analysis that California’s AB-1043 — which the sponsors were initially considering as a model — employs much of the same device-level architecture as the withdrawn bills.

The implications extend beyond consumer privacy to election integrity. When a citizen's verified identity is tied to a specific device at activation, that linkage can be cross-referenced with voter registration databases, creating a traceable connection between a registered voter and their device, location, reading habits, and associations. Infrastructure of this kind, with no data minimization protections and inclusion of children who lack the intellectual development to distinguish between fact and propaganda, has no precedent in Michigan law and deserves serious scrutiny from anyone concerned about the integrity of Michigan elections.

Our Recommendation

Solid legislation would create a comprehensive consumer data privacy framework that would give Michigan residents the following enforceable rights:

1. The right to know what data is collected about them,

2. The right to have it deleted,

3. The right to opt out of its sale, and

4. Prohibition of the use of data for purposes beyond for which it was originally collected.

Twenty states have enacted such frameworks. Michigan could be next.

A Note on Civic Engagement

The legislative process works best when citizens and civic organizations engage seriously with the substance of the laws under consideration. In this case, a small team with technical expertise read the bill text with care. They traced the funding behind the organizations promoting it and collaborated with subject-matter experts. Then they brought documented concerns to the attention of legislators who were in a position to act.

The response — from sponsors and colleagues across party lines — demonstrates that this kind of substantive, evidence-based engagement is both welcomed and effective.

Those who seek to influence policy through concealed funding and model legislation rely on the assumption that no one is paying close enough attention. We are grateful to everyone who engaged with our findings — and especially to Rep. Paquette and Sen. Cherry for their openness and their commitment to getting this right for Michigan families.

Author Patrice Johnson is Chair and Co-Founder of the Michigan Fair Elections Institute (501(c)(3)) and Pure Integrity Michigan Elections (501(c)(4)). A former Fortune 50 executive and founder of five technology companies, she is also the award-winning author of The Fall and Rise of Tyler Johnson, a book that became the basis of the PBS documentary film, Finding Tyler.