This past year has seen a surge of new data privacy laws and at the forefront has been a strong focus on protecting children and their personal information. At the federal level, several initiatives have been introduced to enhance these protections. Amendments to the Children’s Online Privacy Protection Act of 1998 (COPPA) were introduced to modernize the original law to better safeguard children’s data in today’s digital landscape. Similarly, the Kids Online Safety Act was introduced to broaden the scope of protections by addressing a wider range of potential harms to minors that extend beyond just data privacy.
Texas SCOPE Act
Texas has also made a significant move with the passage of the Securing Children Online Through Parental Empowerment (SCOPE) Act, which took effect on September 1, 2024. The SCOPE Act establishes requirements for digital service providers to safeguard minors from potential harms posed by online platforms and digital services. Importantly, the law applies to “digital service providers,” defined as any non-small business entity that owns or operates a website, application, program, or software that collects or processes personal identifying information. Amongst its key provisions, the SCOPE Act requires digital service providers to limit the collection and use of personal information from known minors to what is reasonably necessary for providing the service, while also protecting minors from harmful content. Digital service providers are also prohibited from sharing, selling, or disclosing this information.
Recent Enforcement Action
TikTok became the first digital service provider in SCOPE’s crosshairs when, on October 3, 2024, the Texas Attorney General sued TikTok for allegedly operating its platform in violation of the law. The lawsuit claims that TikTok collects personal identifying information of minors and sells or shares that data with advertisers and third parties without obtaining the required parental consent. It further asserts that TikTok’s safeguards are insufficient to meet SCOPE’s compliance standards. Lastly, the lawsuit alleges that TikTok failed to implement a compliant system for parents or guardians to verify their identity and relationship to a known minor, as required by law.
This enforcement action is part of a series of recent actions by the Texas Attorney General’s office to clamp down on privacy violations. On August 13, 2024, the office sued General Motors for allegedly collecting and selling drivers’ private data in violation of privacy laws. Just weeks earlier, on July 30, 2024, the Attorney General announced a $1.4 billion settlement with Meta over violations of the state’s biometric data capture law. These recent actions signal a growing trend in Texas privacy law enforcement. In fact, on June 4, 2024, the Texas Attorney General informed the public that its office launched a data privacy and security initiative aimed at protecting Texans’ sensitive data from illegal exploitation. This initiative includes establishing a dedicated team “focused on aggressive enforcement of Texas privacy laws.” The recent enforcement actions are proof that Texas is hitting its mark.
Next Steps for Your Organization
If your organization is based in Texas or handles the information of Texas residents, it is critical to conduct a thorough analysis to identify which of the state’s several privacy laws apply to your organization’s operations. Armed with this knowledge, your organization will be well-prepared to build a compliant data privacy program, helping you avoid any unwanted encounters with the Texas Attorney General’s office.
This blog post was drafted by Jeremy Rucker, an attorney in the Dallas, Texas office of Spencer Fane LLP. For more information, visit spencerfane.com.
Click here to subscribe to Spencer Fane communications to ensure you receive timely updates like this directly in your inbox.