Online Privacy

Subscribe to Online Privacy via RSS

Minnesota has a new law that, beginning a year from now, will require that social media companies warn users of the potential negative mental health effects of social media use each time a user accesses a social media platform. The warning label will need to include specific content, including information about mental health resources (like the national suicide prevention and mental health crisis hotline). The law also specifically prohibits including “extraneous information” in the warning label. It must be on-screen (not in a company’s website terms) and remain on screen until the user either acknowledges and agrees to it, or leaves the site.Continue Reading Minnesota May Be First to Require Social Media Warning Label

Vermont has joined the list of states attempting to regulate the use of children’s information collected online, passing an Age-Appropriate Design Code Act. This law mirrors ones we have seen in other US states as well as the UK, and applies to online services reasonably accessed by minors, that collect personal data. We expect it to be challenged, but if it is not, it would go into effect January 1. Among other things, the law provides the following:Continue Reading Growing List of States Attempting to Regulate Kids’ Online Privacy: Vermont Joins the Group

The Michigan Attorney General has filed a complaint against Roku, a popular TV content platform, alleging, among other things, violations of the Children’s Online Privacy Protection Act and the Video Privacy Protection Act (and a similar Michigan law). As most are aware, COPPA requires prior parental consent before collecting information from children online. It gives standing to both the FTC and to states’ attorneys general, but no private right of action. Most cases brought since COPPA’s passage have been brought by the FTC, however, and not by states. This current Michigan case comes after a group of 43 states, including Michigan, sent a letter to the FTC urging it to strengthen and update its COPPA Rule.Continue Reading Michigan AG Sues Roku Over Alleged Privacy Violations

Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the changes will take effect January 1, 2026. Courts have struck down similar laws in other states (see our posts about those in Arkansas, California, and Utah) and thus opposition seems likely here as well. Of note, the social media laws that have been struck down in other states attempted to require parental consent before minors could use social media platforms. This law is different, as it allows account creation without parental consent. Instead, it places restrictions on account use for both minors and social media platforms.Continue Reading Virginia Will Add to Patchwork of Laws Governing Social Media and Children (For Now?) 

In a landmark ruling, the Ninth Circuit expanded the application of specific personal jurisdiction principles to the realm of nationwide e-commerce. On April 21, 2025, an en banc panel issued a 10–1 decision ruling that allegations that Shopify embedded cookies that tracked a California consumer’s location data were sufficient to establish specific personal jurisdiction over Shopify in California (reversing the Court’s prior opinion on this exact issue). In the wake of this decision, businesses may face increased legal challenges in various states. To protect against far-flung lawsuits in unwanted jurisdictions, e-commerce businesses should, if practicable, refrain from collecting location data and engaging in other online activities that may be seen as targeting consumers of a particular state.Continue Reading Ninth Circuit Upends Internet Personal Jurisdiction Law–Briskin v. Shopify

Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from enforcing the law. It was a modified version of Arkansas’ 2023 SB 396, that was also blocked. The plaintiff in both challenges was NetChoice, a group familiar to anyone following kids’ social media laws. As a result of NetChoice’s efforts, similar laws have been blocked in California, Utah, Maryland, Mississippi, Ohio, and Texas. Courts in those states, as in Arkansas, found that the laws were unduly burdensome on free speech, with overly broad content restrictions not tailored to prevent harm to minors.Continue Reading Arkansas’ Kids Social Media Law: Another One Bites the Dust

The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that assists students with tracking their calendars and events. It also includes connection and social networking features and displayed students’ information to others. This included students’ location and club participation, among other things. According to the NYAG, the company had engaged in a series of acts that violated the state’s unfair and deceptive trade practice laws.Continue Reading New York AG Settles with School App

The Federal Trade Commission recently requested public comment from users of tech platforms. In particular, the impact the platforms may have on user speech. Input is sought -by May 21- on the extent to which tech firms are engaging in potentially suppressing free speech.Continue Reading FTC Requests Input from Tech Platform Users About Speech

UPDATED: The FTC announced May 9, 2025 that it will defer enforcement of the rule until July 14, 2025.

The FTC updated its Negative Option Rule last month and gave it a new name to emphasize the expanded scope of programs to which it applies. It will now be the “Rule Concerning Recurring Subscriptions and Other Negative Option Programs.” The updated rule, as the FTC outlines, will now be applicable to nearly all forms of negative option marketing.Continue Reading Click! FTC Updates Its Negative Option Rule

The United Kingdom and the United States released a joint statement last month outlining plans focused on children’s online privacy. As indicated in the statement, they intend to engage national institutions and other organizations to support this work. They will also be forming a joint online safety working group.Continue Reading UK and US Issue Joint Statement on Children’s Privacy

The New York Attorney General’s office and the UK Information Commissioner’s Office were busy last month when it came to children’s privacy. Both sought input from the public about regulating children’s online privacy, including on social media.Continue Reading Regulators On Both Sides of the Pond Seek Input on Children’s Privacy