2025 has been another active year for children’s and teens’ privacy legislation. This post recaps notable developments and trends thus far in 2025. Our summaries from 2023 and 2024 can be found here and here.
App Store Laws
A new trend in 2025 has been legislation targeting app store
Continue Reading State and Federal Developments in Minors’ Privacy in 2025Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law. Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers. Beginning on January 1, 2026, the statute’s cure provision will only apply to controllers that are a “noncommercial educational broadcast station, as defined in 47 U.S.C. 397” and that (1) receive funding from the Corporation for Public Broadcasting and (2) distribute the entity’s journalism content without cost to recipients.
Continue Reading Oregon Amends Its Comprehensive Privacy StatuteOn June 22, Texas Governor Greg Abbott (R) signed the Texas Responsible AI Governance Act (“TRAIGA”) (HB 149) into law. The law, which takes effect on January 1, 2026, makes Texas the second state to enact comprehensive AI consumer protection legislation, following the 2024 enactment of the Colorado
Continue Reading Texas Enacts AI Consumer Protection LawOn June 24, 2025, the Connecticut governor signed SB 1295, which amends the state’s comprehensive privacy statute, the Connecticut Data Privacy Act (“CTDPA”). SB 1295 takes effect on July 1, 2026.
Continue Reading Connecticut Legislature Amends Its Privacy StatuteThis year, state lawmakers have introduced over a dozen bills to regulate “surveillance,” “personalized,” or “dynamic” pricing. Although many of these proposals have failed as 2025 state legislative sessions come to a close, lawmakers in New York, California, and a handful of other states are moving forward with a range
Continue Reading State Legislatures Advance Surveillance Pricing RegulationsOn June 2, 2025, the New Jersey Division of Consumer Affairs published draft regulations to implement the New Jersey Data Protection Act, which went into effect on January 1, 2025. The draft regulations propose detailed requirements, including for privacy notices, consent, and consumer rights. Interested parties may submit written
Continue Reading New Jersey Division of Consumer Affairs Proposes Draft RegulationsA number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025. These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana. An overview of some key laws is below.
Continue Reading New State Privacy and Minor Social Media Laws to Become Effective in JulyOn May 20, 2025, Nebraska Governor Pillen approved LB 383, which imposes a broad range of restrictions on minors’ access online. In addition to a ban on artificial intelligence-generated child pornography, the law also requires parental controls over minor social media accounts. Nebraska joins at least two other states that have passed bans on social media for minors without parental consent this year.
Continue Reading Nebraska Bans Minor Social Media Accounts Without Parental ConsentOn May 19, 2025, New York’s Office of the Attorney General (“OAG”) published new guidance on the New York Child Data Protection Act (the “Act”), which becomes effective on June 20, 2025. As we reported last summer, the OAG released an Advanced Notice of Proposed Rulemaking addressing the Act on August 1, 2024. The OAG has yet to release a full Notice of Proposed Rulemaking, which would be the next step in the process of developing a final rule implementing the Act’s rulemaking provisions. Until the rules are finalized, the guidance suggests that the OAG will exercise discretion in its enforcement of the Act and consider good-faith efforts to comply with the statute. Informal guidance is not legally binding, but provides some additional context on how the OAG might prioritize enforcement of the Act. For a broader description of the Act’s provisions, see our previous reporting linked above. Some key elements from the guidance are listed below.
Continue Reading New York Attorney General Issues Guidance on New York Child Data Protection ActOn May 6, 2025, the California Privacy Protection Agency (“CPPA”) announced a decision and $345,178 fine related to allegations that Todd Snyder, Inc. violated the California Consumer Privacy Act (“CCPA”) and requirements to change its business practices.
Continue Reading Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations