Photo of Jenna Zhang

Jenna Zhang

Jenna Zhang advises clients across industries on data privacy, cybersecurity, and emerging technologies. 

Jenna partners with clients to ensure their compliance with the rapidly evolving federal and state privacy and cybersecurity laws. She supports clients in designing new products and services, drafting privacy notices and terms of use, responding to cyber and data security incidents, and evaluating privacy and cybersecurity risks in corporate transactions. In particular, she advises clients on substantive requirements relating to children’s and student privacy, including COPPA, FERPA, age-appropriate design code laws, and social media laws.

As part of her practice, Jenna regularly represents clients in data privacy investigations and enforcement actions brought by the Federal Trade Commission and state attorneys general. She also supports clients in proactive engagement with regulators and policymakers to ensure their perspectives are heard.

Jenna also maintains an active pro bono practice with a focus on supporting families in adoptions, guardianships, and immigration matters.

Contact:Read more about Jenna ZhangEmail

On May 20, 2025, Nebraska Governor Pillen approved LB 383, which imposes a broad range of restrictions on minors’ access online.  In addition to a ban on artificial intelligence-generated child pornography, the law also requires parental controls over minor social media accounts.  Nebraska joins at least two other states that have passed bans on social media for minors without parental consent this year.Continue Reading Nebraska Bans Minor Social Media Accounts Without Parental Consent

On May 19, 2025, New York’s Office of the Attorney General (“OAG”) published new guidance on the New York Child Data Protection Act (the “Act”), which becomes effective on June 20, 2025.  As we reported last summer, the OAG released an Advanced Notice of Proposed Rulemaking addressing the Act on August 1, 2024.  The OAG has yet to release a full Notice of Proposed Rulemaking, which would be the next step in the process of developing a final rule implementing the Act’s rulemaking provisions.  Until the rules are finalized, the guidance suggests that the OAG will exercise discretion in its enforcement of the Act and consider good-faith efforts to comply with the statute.  Informal guidance is not legally binding, but provides some additional context on how the OAG might prioritize enforcement of the Act.  For a broader description of the Act’s provisions, see our previous reporting linked above. Some key elements from the guidance are listed below. Continue Reading New York Attorney General Issues Guidance on New York Child Data Protection Act

On September 20, 2024, California Governor Newsom signed into law SB 976, the Protecting Our Kids from Social Media Addiction Act (the “Act”). The Act defines and prohibits an “addictive internet-based service or platform” from providing an “addictive feed” to a minor unless the platform has previously obtained verifiable parental consent. The Act will take effect on January 1, 2025, and the California Attorney General will promulgate regulations on age assurance and parental consent by January 1, 2027. This post summarizes the law’s key provisions. The law includes several technical definitions and exceptions, which are explained at the end of this post.Continue Reading California Passes Law to Protect Minors from “Addictive Feeds”

On June 18, 2024, Louisiana enacted HB 577, prohibiting “social media platforms” with more than 1 million users globally from displaying targeted advertising to Louisiana users that the platform has actual knowledge are under 18 years of age and from selling the sensitive personal data of such users. The law amends the effective date of the state social media law, the Louisiana Secure Online Child Interaction and Age Limitation Act (“the SOCIAL Act”), to July 1, 2025. HB 577 also will take effect on July 1, 2025. This post summarizes the law’s key provisions.Continue Reading Louisiana Bans Targeted Advertising to Minors on Social Media Platforms

On March 7, Utah repealed and replaced its Social Media Regulation Act, which had previously been challenged in a pair of lawsuits by NetChoice and the Foundation for Individual Rights and Expression.  The replacement legislation is spread across two enacted bills, SB 194 and HB 464.  SB 194 contains the bulk of the legislation’s general provisions, while HB 464 includes a private right of action for certain harms associated with a minor’s use of algorithmically curated social media. We summarize below some of the key features of the new legislation, which will go into effect on October 1, 2024.Continue Reading Utah Repeals and Replaces Social Media Regulation Act

On May 22 the Federal Trade Commission (“FTC”) announced a $6 million settlement with Edmodo, an ed tech provider, for violations of the COPPA Rule and Section 5 of the FTC Act.  The FTC described this settlement as the first FTC order that will prohibit an ed tech provider from requiring students to provide more personal data than necessary to participate in online activities.  The settlement is consistent with the FTC’s policy statement on ed tech issued last May (see our summary of the policy statement here).Continue Reading FTC Announces COPPA Settlement Against Ed Tech Provider Including Strict Data Minimization and Data Retention Requirements

This year has been off to a busy start with respect to children’s and minors’ privacy legislation efforts. We wanted to take a moment to recap the latest developments across the board.

The most notable trend of the year thus far has been the widespread introduction of Age Appropriate Design

Continue Reading State, Federal, and Global Developments in Children’s Privacy, Q1 2023