Family and Personal Monitoring Software Laws by State

California

California is a high-attention state for family and personal monitoring because monitoring may involve location data, browsing activity, screenshots, messages, calls, device access, and other personal information.

For phone tracking, the key issue is location data and mobile activity.

For personal computer monitoring, the key issue is authorized access to a family-owned or shared device, especially if monitoring may capture screenshots, browsing history, or private communications.

California's official CCPA materials list Internet browsing history, geolocation data, precise geolocation, contents of email and text messages, and biometric information as examples of personal or sensitive personal information, so these data types should be treated carefully in any monitoring context.

Official legal references

Colorado

Colorado stands out because its privacy framework now touches two areas that often matter in family and personal monitoring: minors' online activity and precise geolocation data. In a mobile-device scenario, this may involve location features, app activity, online safety tools, or other data connected to a child's device. On a family-owned or shared computer, the main issues are authorized access, browsing activity, screenshots, shared-device use, and the possibility of capturing private communications.

The Colorado Privacy Act was updated through SB24-041, which added enhanced protections for minors' online activity, and SB25-276, which added precise geolocation data as covered sensitive data.

Colorado also has separate references for wiretapping, eavesdropping, cybercrime, and stalking-related surveillance that may become relevant when monitoring involves communications, audio, recorded conversations, device access, or repeated surveillance.

Official legal references

Florida

Florida is especially important for family and personal monitoring when mobile location features, tracking apps, calls, messages, audio, or recorded communications are involved. The state has a specific statute for tracking devices and tracking applications, so mobile monitoring should be reviewed separately from general monitoring of a family-owned computer. For computer-based monitoring, the main issue is authorized access to the device, especially when screenshots, browsing activity, stored data, or electronic communications may be collected.

Florida law also has separate references for interception of wire, oral, or electronic communications, computer-related offenses, and stalking or cyberstalking. These areas may become relevant when monitoring goes beyond basic device supervision and involves communications, repeated surveillance, unauthorized access, or recorded content.

Official legal references

Illinois

Illinois needs a tighter privacy review because several monitoring-related issues can overlap here: electronic tracking software, private communications, computer access, and biometric information.

For mobile use, the most relevant points are tracking software or spyware, messages, calls, audio, and data connected to a child's device. For a family-owned or shared computer, the focus is usually authorized access, screenshots, browsing activity, stored data, and whether monitoring could capture private electronic communications.

Illinois law specifically addresses cyberstalking and electronic monitoring software or spyware, including language around surreptitious installation and notice or consent for tracking software. Illinois also has a strict biometric privacy law, so any feature that could involve face geometry, fingerprints, voiceprints, or other biometric identifiers deserves special caution.

Official legal references

Indiana

Indiana is best framed around permission, device control, sensitive data, and access boundaries. In mobile-use scenarios, the main areas to watch are tracking, a child's data, precise geolocation, app activity, and communications. For a family-owned or shared computer, the focus shifts to authorized access, browsing activity, screenshots, stored data, and whether monitoring could capture private communications.

Indiana's Consumer Data Protection Act takes effect on January 1, 2026. The Indiana Attorney General's Consumer Bill of Rights treats children's data and precise geolocation data as sensitive data, and states that a parent or legal guardian can exercise privacy rights on behalf of a child.

Official legal references

Iowa

Iowa is most relevant for family and personal monitoring when the monitoring involves GPS location, a child's personal data, computer access, spyware-like software, or communications. For mobile use, the key topics are location tracking, app activity, online activity, and data connected to a child's device. For a shared or family-owned computer, the main issues are authorized access, browsing activity, screenshots, stored data, and whether monitoring could capture private communications.

Iowa law has a specific reference for unauthorized placement of a global positioning device, and its consumer data protection chapter treats personal data collected from a known child and precise geolocation data as sensitive data. Iowa also has separate references for computer spyware/malware, interception of communications, and stalking-related conduct involving technological devices.

Official legal references

Kentucky

Kentucky is mainly about location tracking, sensitive data, computer access, and private communications. Mobile monitoring may raise issues when it involves tracking a person's location or collecting data connected to a child. Computer monitoring should stay tied to authorized access, especially when screenshots, browsing activity, stored files, or communications may be captured.

Kentucky's Consumer Data Protection Act treats personal data collected from a known child and precise geolocation data as sensitive data. Kentucky also has separate references for tracking devices, unlawful computer access, eavesdropping, and private communications.

Official legal references

Maryland

Maryland is mainly about children's online data, location-related monitoring, computer access, and communications. Mobile monitoring may involve a child's online activity, location, messages, or app use. Computer monitoring should stay focused on authorized access to a family-owned or shared device, especially when screenshots, browsing activity, stored data, or private communications may be involved.

Maryland's recent privacy laws are important for child-related online data, while the state's criminal-law references cover interception of communications, unauthorized computer access, and stalking patterns that may involve electronic communication or tracking devices. The Maryland Kids Code specifically addresses online products likely to be accessed by children and includes parent or guardian monitoring of a child's online activity or location in its official bill summary.

Official legal references

Massachusetts

Massachusetts is mainly about privacy, audio/call recording, computer access, and electronic communication risks. Phone tracker should be handled carefully when it involves calls, audio, messages, location patterns, or repeated tracking-like behavior. Computer monitoring should stay tied to authorized access, especially when screenshots, browsing activity, stored data, or private communications may be captured.

Massachusetts has a broad right-of-privacy reference, a strict wire/oral communications statute, and a specific unauthorized computer access law. Its stalking statute also references conduct carried out through telephonic, telecommunication, or electronic communication devices.

Official legal references

Michigan

Michigan is mainly about tracking devices, private conversations, computer access, and repeated contact through electronic communications. Mobile monitoring needs extra care when location tracking, calls, messages, or audio may be involved. Computer monitoring should stay tied to authorized access, especially if it may include screenshots, browsing activity, stored data, or private communications.

Michigan has a specific tracking-device law for motor vehicles, separate eavesdropping and private-place recording provisions, and a computer-access statute that covers access without authorization or beyond valid authorization. Its stalking-related references also include electronic communications as one form of repeated unwanted contact.

Official legal references

Minnesota

Minnesota is mainly about specific geolocation data, known child data, mobile tracking devices, computer access, and communications. Mobile monitoring may be relevant when it involves GPS-level location, app activity, online activity, or data connected to a child's device. Computer monitoring should stay tied to authorized access, especially when screenshots, browsing activity, stored data, or private communications may be captured.

The Minnesota Consumer Data Privacy Act treats personal data of a known child and specific geolocation data as sensitive data. Minnesota also has a separate rule for mobile tracking device use, plus state references for interception of communications and unauthorized computer access.

Official legal references

Montana

In Montana, the key distinction is between ordinary family device supervision and monitoring that reaches into location data, communications, or unauthorized access. Mobile use deserves attention when it involves location signals, app activity, online activity, or data connected to a child's device. For a family-owned or shared computer, the safer focus is authorized access, browsing activity, screenshots, stored data, and the risk of capturing private communications.

Montana's privacy framework includes sensitive-data concepts such as known child data and precise geolocation. State references also cover location information privacy, unlawful computer use, privacy in communications, and stalking-related monitoring through electronic, digital, or GPS devices.

Official legal references

Nebraska

Nebraska is better handled through sensitive data, authorized access, and communications boundaries. Mobile use may involve a child's data, precise geolocation, app activity, or online activity. For a family-owned or shared computer, the key point is whether access is authorized and whether monitoring could capture browsing activity, screenshots, stored data, or private communications.

Nebraska's Data Privacy Act includes sensitive-data rules that may matter when personal data of a known child or precise geolocation is involved. State law also has references for unauthorized computer access, interception of wire, electronic, or oral communications, and stalking-related conduct.

Official legal references

Nevada

In Nevada, family and personal monitoring should be separated into three practical risk areas: mobile location tracking, access to a computer or stored device data, and communications privacy. Mobile monitoring is more sensitive when it involves location tracking, app activity, messages, or repeated monitoring patterns. For a family-owned or shared computer, the focus should stay on authorized access, browsing activity, screenshots, stored files, and whether monitoring could expose private communications.

Nevada has a specific mobile tracking device statute, a computer-access statute, and separate references for wire communications, listening devices, privacy of personal information, and stalking-related conduct. The mobile tracking device provision defines a mobile tracking device as a device that permits tracking the movement or location of a person or object through a signal.

Official legal references

New Hampshire

New Hampshire should be framed around location information, sensitive data, communications, and authorized access. Mobile monitoring becomes more sensitive when it involves device location, a child's data, app activity, messages, or repeated tracking patterns. For a family-owned or shared computer, the key issues are access permission, browsing activity, screenshots, stored data, and private communications.

New Hampshire's privacy law treats personal data collected from a known child and precise geolocation data as sensitive data. State references also cover electronic device location information, computer-related offenses, wiretapping/eavesdropping, and stalking-related conduct.

Official legal references

New Jersey

New Jersey is sensitive when family monitoring involves personal data, precise geolocation, computer access, or private communications. Mobile use may involve location signals, app activity, messages, or online activity connected to a child's device. For a family-owned or shared computer, the key issues are authorization, browsing activity, screenshots, stored data, and whether monitoring could expose private communications.

New Jersey's consumer privacy law treats personal data collected from a known child and precise geolocation data as sensitive data. The state also has separate references for computer criminal activity, interception of wire, electronic, or oral communications, and stalking-related conduct.

Official legal references

Oregon

Oregon needs closer attention when monitoring touches GPS location, children's personal data, computer access, or recorded communications. Mobile use may involve location signals, app activity, online activity, or data connected to a child's device. For a family-owned or shared computer, the main focus is authorized access, browsing activity, screenshots, stored data, and whether monitoring could capture conversations or electronic communications.

Oregon has a specific statute for unlawful use of a GPS device, an Oregon Consumer Privacy Act section covering sensitive data, a computer crime statute, and separate references for obtaining communications and stalking. The Oregon DOJ also notes that, as of January 1, 2026, Oregon law restricts the sale of precise geolocation data.

Official legal references

Pennsylvania

Pennsylvania works best through communications, stored electronic data, computer access, and mobile tracking-device provisions. Phone tracking may raise issues when it involves location signals, messages, calls, or repeated tracking patterns. For a family-owned or shared computer, the focus is authorization, browsing activity, screenshots, stored data, and whether monitoring could expose private communications.

Pennsylvania's Wiretapping and Electronic Surveillance Control Act includes separate subchapters for wire/electronic/oral communications, stored communications, and mobile tracking devices. The state also has computer-crime and stalking references that may be relevant when monitoring involves access without authority, communications, or repeated conduct.

Official legal references

Rhode Island

Rhode Island becomes more sensitive when family monitoring involves location data, children's personal data, computer access, or communications. Mobile use may include location signals, app activity, online activity, or data connected to a child's device. For a family-owned or shared computer, the key issues are authorization, browsing activity, screenshots, stored data, and whether monitoring could expose private communications.

Rhode Island's Data Transparency and Privacy Protection Act takes effect on January 1, 2026, and its definition of sensitive data includes personal data collected from a known child and precise geolocation data. State references also cover computer trespass, interception of wire and oral communications, and stalking-related conduct.

Official legal references

Tennessee

Tennessee separates ordinary family device supervision from riskier areas such as vehicle tracking, intercepted communications, and unauthorized access to a computer or network. Mobile use needs extra care when it involves location tracking, messages, calls, or monitoring connected to a vehicle. For a family-owned or shared computer, the focus should stay on permission, device control, browsing activity, screenshots, and whether private communications could be captured.

Tennessee has a specific statute on electronic tracking of motor vehicles, plus separate laws for wiretapping/electronic surveillance, computer offenses, and stalking. The vehicle-tracking provision also includes a parent/legal guardian exception when the parent or guardian owns or leases the vehicle and uses the device solely to monitor a minor child who is an occupant of that vehicle.

Official legal references

Texas

Texas should be read through consent, sensitive data, vehicle/device tracking, and communications access. Mobile use may involve location signals, app activity, messages, or data connected to a child's device. On a family-owned or shared computer, the key questions are whether access is authorized and whether monitoring could capture browsing activity, screenshots, stored communications, or private messages.

The Texas Attorney General's TDPSA materials state that sensitive data includes precise geolocation data and personal data of a child under 13. Texas also has separate Penal Code references for tracking devices, interception of communications, stored communications, computer access, and stalking.

Official legal references

Utah

Utah is a state where the line between family supervision and higher-risk monitoring often depends on vehicle/location tracking, consent to communications access, and authorization to use a computer or network. Mobile use may involve location features, app activity, messages, or data connected to a child's device. For a family-owned or shared computer, the safer focus is permission-based access, browsing activity, screenshots, stored files, and avoiding the capture of private communications.

Utah's Consumer Privacy Act includes specific geolocation data in its sensitive-data definition. State law also has separate references for unlawful installation of a tracking device, computer access without authorization, interception of wire/electronic/oral communications, and stalking-related conduct.

Official legal references

Virginia

Virginia is best read through the line between authorized family supervision and monitoring that involves deceptive tracking, intercepted communications, or access without authority. Mobile use deserves attention when location features, calls, messages, or a child's device are involved. For a shared or family-owned computer, the practical focus is permission, device control, screenshots, browsing activity, and whether private communications could be captured.

Virginia's privacy law also gives special attention to children's data and precise geolocation: the Consumer Data Protection Act defines sensitive data to include personal data collected from a known child and precise geolocation data. Virginia also has specific state references for electronic tracking devices, computer trespass, interception of wire/electronic/oral communications, and stalking.

Official legal references

Washington

Washington is not the place to blur basic family device visibility with silent location tracking or communications capture. Mobile use needs closer attention when monitoring involves location signals, messages, calls, audio, or tracking-like behavior. For a shared or family-owned computer, the practical line is authorization: who controls the device, what data is collected, and whether screenshots, browsing activity, or software logs could expose private communications.

Washington law is especially relevant around private communications and electronic tracking. RCW 9.73.030 requires consent before intercepting or recording private communications or conversations, while RCW 9A.46.110 includes electronic tracking devices in stalking-related conduct, including computer code or digital instructions that allow remote tracking of a device.

Official legal references