• |

    Nov. 26, 2025

A Compilation of Practical Insights on Children’s Privacy to Stay Ahead of the Enforcement Curve

The Global Privacy Enforcement Network, made up of more than 30 data protection authorities worldwide, has announced the launch of its annual privacy sweep, which will focus on mobile applications commonly used by children. The group of regulators, which includes the FTC, California AG, U.K. Information Commissioner’s Office and the French Commission Nationale de l’Informatique et des Libertés, will review whether these products collect children’s data responsibly, provide clear privacy notices, and implement age assurance and protective controls. The initiative highlights the growing importance of safeguarding children’s privacy in digital spaces. This collection of practical articles from the Cybersecurity Law Report presents analyses of requirements under relevant laws and lessons from regulatory enforcement actions to help companies meet compliance obligations.

Children’s Privacy Grows Up Series

Children’s online privacy is not just for tweens and half-pints anymore. Companies are increasingly blocking targeted advertising to teen users in response to demanding state laws in Texas, Maryland, Colorado, Connecticut and several others that are designed to protect minors up to age 18. Additionally, the FTC began 2025 by adding multiple new hurdles and friction points for companies that collect the data of children under 13 by amending its Children’s Online Privacy Protection Act Rule (Amended Rule) for the first time since 2013. The first article in this three-part series discussed the key pacesetter laws that emerged in 2024 to regulate minors’ online activities and examined the most significant trends shaping this increasingly difficult compliance area. Part two addressed the new legal framework around minors’ privacy, spotlighted the Amended Rule’s most significant changes and examined their impact on companies’ compliance. The third article provided practical compliance considerations for businesses around requirements common to multiple laws, discussed a unified approach to protecting a vulnerable group and offered sources for guidance.

Challenges in Opt-Out Design and Children’s Privacy Highlighted by Sling TV’s Settlement With California AG

The California AG’s recent settlement with Sling TV reinforces that regulators are focused on opt-out processes and children’s data. Sling TV was fined $530,000 by the enforcer, and required to implement expanded compliance measures, for violating the CCPA by failing to offer customers an easy method to stop the sale of their personal data and not providing sufficient privacy protections for children. The investigation into Sling TV’s privacy operations stemmed from the California DOJ’s investigative sweep of streaming services and connected TVs, which was announced in January 2024. This article analyzed Sling TV’s alleged violations and the terms of the voluntary settlement, with practical takeaways from partners at Finnegan and Frankfurt Kurnit.

Connecticut and Oregon’s Revised Privacy Laws: Impact Assessments, Minors and More

The trend toward more robust and nuanced privacy protection requirements continues to grow. In June 2025, Connecticut and Oregon enacted significant amendments to their comprehensive consumer data privacy laws – joining Montana, Utah, Virginia and Colorado, all of which also made major revisions to their laws in 2025. This article examined some of the key changes introduced by the Connecticut and Oregon amendments, including a new and unique impact assessment obligation, privacy notice requirements, prohibitions on the sale of certain data types, and heightened protections for children and minors. With insights from McDermott Will & Emery, Hintze Law, Reed Smith and Orrick, it also provided practical compliance measures that companies should consider taking before the revised provisions go into effect.

Navigating Three New State Laws That Require Apple and Google App Stores to Check All Users’ Ages

Checking a customer’s ID is not just for cigarette and liquor sales anymore. New “app store accountability” laws in Texas, Utah and Louisiana mandate that Google and Apple mobile stores, and maybe others, check all users’ ages before each app download and obtain permission slips from minors’ parents. Companies with apps now have a duty to know the age range of their customers, and they must update app stores when materially changing their app’s data processing, user features and monetization elements. This article, with insights from experts at Blank Rome, Loeb & Loeb, Pillsbury, Sheppard Mullin and Wilson Sonsini, examined the three new laws and discussed their implications and uncertainties. It also offered compliance strategies and addressed the practical impacts of broader changes in age verification law, including the recent U.S. Supreme Court decision in Free Speech Coalition v. Paxton.

FTC Signals Stricter Children’s Enforcement in NGL Labs Settlement Series

The FTC introduced a novel ban on offering an online service to children and teens under 18 years old when it announced its settlement with California-based app developer NGL Labs and two of its co‑founders. NGL, short for “not gonna lie,” is an app that enables its users to receive anonymous messages. The settlement showcases the FTC’s willingness to use the Children’s Online Privacy Protection Act and other federal laws to protect teens as well as younger children. This two-part series on the significant aspects of the case featured insights from Covington, Hunton Andrews Kurth, Orrick, ZwillGen and Alston & Bird. The first article examined the key violations and settlement terms as well as what the resolution signals about the FTC’s children’s privacy enforcement. Part two covered the FTC’s application of the substantial injury standard, enforcement coordination trends and compliance lessons.

State AG Representatives Disclose AI Regulatory and Enforcement Outlook

As AI-specific legislation continues to get introduced, regulators are making clear that existing consumer protection and privacy laws still apply to issues involving AI. Moreover, just because a state does not have an AI law that addresses a certain activity does not mean that it will not take an interest in what another state is doing. This article synthesized commentary from the Assistant AG and Chief of the Privacy and Responsible Technology Division in the Massachusetts AG’s Office, and the outgoing Director of Privacy and Tech Enforcement in the Texas AG’s Office, on the current AI legislative, regulatory and enforcement landscape, including the focus on protecting children. The discussion, moderated by Orrick, took place during IAPP’s AI Governance Global North America conference.

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.