Federal and state enforcement actions involving children's data violations, tracked from official government sources.
69
Total Actions
$4.0B
Total Fines
10
Jurisdictions
A former employee of the New Jersey Department of Children and Families was indicted for allegedly leaking confidential child protection case information in exchange for bribes. The defendant, Susaida Nazario, misused her access to provide case details to an unauthorized individual, compromising sensitive children's data.
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.
The FTC issued a policy statement announcing that it will not enforce the COPPA Rule against website and online service operators that use age verification technologies solely to determine user age, provided they comply with conditions such as limiting data use, ensuring security, and providing clear notice. This policy aims to incentivize age verification tools to protect children online.
California Attorney General Rob Bonta sent a cease and desist letter to xAI, demanding the company immediately stop the creation and distribution of deepfake, nonconsensual intimate images and child
California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.
California Attorney General Rob Bonta announced an investigation into xAI for its Grok AI model generating nonconsensual sexual images of women and children, including child sexual abuse material. The AG expressed deep concern and zero tolerance, urging immediate action to prevent further
Massachusetts Attorney General Andrea Campbell filed a motion to enforce a preliminary injunction against the Trump Administration's demands for personal data of SNAP recipients. The court previously blocked such demands, but the administration renewed its request, threatening to withhold funding. The AG seeks to ensure compliance with federal privacy laws and protect SNAP recipients' sensitive information.
Virginia Attorney General Jay Jones announced intent to enforce new provisions of the Virginia Consumer Data Protection Act that limit minors' social media usage to one hour per day without parental consent. The law, effective January 1, 2026, requires age verification and verifiable parental consent to change time limits, with potential penalties up to $7,500 per violation and injunctive relief. This follows a motion to dismiss a lawsuit by NetChoice challenging the law.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
Florida Attorney General James Uthmeier filed a lawsuit against Roblox, alleging that the company misrepresented the safety of its platform to parents and failed to protect children from accessing adult content and being contacted by predators. The lawsuit seeks injunctive relief and other remedies to ensure child safety on the platform.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation for monopolizing the electronic health records market and for deceptive practices that automatically restrict parental access to children's medical records, violating Texas law. The action seeks to restore parental rights and promote competition in the EHR industry.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. for violating the CCPA. The mobile gaming company failed to provide opt-out methods for the sale or sharing of personal information across its 21 apps and sold or shared data of children aged 13-16 without required affirmative consent. Jam City must now implement in-app opt-out mechanisms and obtain affirmative consent for minors' data.
$1.4M
California Attorney General Rob Bonta settled with Sling TV for $530,000 over CCPA violations. Sling TV failed to provide an easy-to-use opt-out mechanism for the sale of personal information and lacked adequate privacy protections for children's data. The settlement requires Sling TV to implement changes to ensure CCPA compliance, including improved opt-out processes and children's privacy safeguards.
$530K
California Attorney General Rob Bonta secured a $530,000 settlement with Sling TV for violating the CCPA. The company failed to provide an easy-to-use method for consumers to opt-out of the sale of their personal information and did not provide adequate privacy protections for children. The settlement requires Sling TV to implement specific changes to its opt-out mechanisms and parental controls.
$530K
California Attorney General Rob Bonta joined 15 attorneys general in filing an amicus brief to limit a U.S. DOJ subpoena seeking medical records of transgender youth from Children's Hospital of Philadelphia, arguing it violates patient privacy and could intimidate providers of gender-affirming care.
The Florida Attorney General's Office of Parental Rights filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights and FDUTPA by collecting and selling children's personal data without parental consent and misrepresenting privacy controls. The action seeks civil penalties, injunctive relief, and measures to ensure compliance.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
Florida Attorney General James Uthmeier filed complaints against multiple pornography websites for failing to implement age verification as required by Florida law, allowing children access to harmful material. The law mandates age verification for sites with pornographic content harmful to minors. The complaints seek injunctions, compliance, and civil penalties.
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
The FTC alleges that Disney violated COPPA by failing to properly label children-directed videos on YouTube as 'Made for Kids,' allowing the collection of personal data from children under 13 without parental consent. Disney will pay a $10 million civil penalty and must implement a program to ensure accurate video designations, potentially incorporating age assurance technologies.
$10.0M
The FTC released a statement by Chairman Ferguson, joined by Commissioners Holyoak and Meador, regarding the enforcement action against Disney Worldwide Services for alleged violations of the Children's Online Privacy Protection Act (COPPA). The statement addresses the case involving children's privacy protections.
Texas Attorney General Ken Paxton has opened an investigation into Meta AI Studio and Character.AI for deceptive practices in marketing AI chatbots as mental health services to children. The platforms are accused of impersonating licensed professionals, fabricating qualifications, and exploiting user data for advertising without proper disclosure. Civil Investigative Demands have been issued to examine violations of Texas consumer protection laws and the SCOPE Act.
Florida Attorney General James Uthmeier filed a lawsuit against multiple online pornography websites for violating HB 3 by not implementing age verification to prevent minors from accessing harmful content. The companies have ignored prior warnings and are accused of unfair business practices. The suit seeks to compel compliance with state law.
Florida Attorney General James Uthmeier filed a lawsuit against multiple online pornography websites for violating HB 3, which requires age verification to prevent minors from accessing harmful content. The companies, including XVideos.com and XNXX.com, have failed to implement age verification since the law took effect on January 1, 2025. The lawsuit seeks to enforce HB 3 and the Florida Deceptive and Unfair Trade Practices Act to protect children from exposure to explicit material.
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
The Supreme Court upheld a Texas law requiring pornography websites to implement age-verification measures to protect children from explicit content. Attorney General Ken Paxton is enforcing the law with fines for violations and has sued Aylo Global Entertainment for non-compliance.
The New Jersey Attorney General filed a lawsuit against Discord, Inc. for deceptive business practices under the Consumer Fraud Act. Discord misrepresented its Safe Direct Messaging and age verification features, failing to protect children from
The Connecticut Office of the Attorney General released an updated enforcement report on the Connecticut Data Privacy Act (CTDPA) for 2024, summarizing investigations into companies handling connected vehicles, genetic data, palm recognition, teen messaging apps, and facial recognition. The report outlines expanded enforcement priorities around opt-out practices and dark patterns, and includes legislative recommendations to strengthen the CTDPA.
Saturn Technologies, developer of the Saturn app for high school students, failed to verify users' age and school affiliation, allowing unauthorized interactions and mishandling contact data. The settlement requires a $650,000 penalty and mandates privacy enhancements, including better verification, data deletion, and improved settings for minors.
$650K
Connecticut Attorney General William Tong announced proposed legislation to protect minors from addictive social media features. The bill would prohibit exposing minors to harmful algorithms without parental consent, set default usage limits and notification restrictions, and require annual reporting by social media companies. This follows ongoing legal actions against Meta and TikTok for youth addiction concerns.
The FTC settled with Cognosphere, the developer of Genshin Impact, for violating COPPA by collecting children's data without parental consent and for using deceptive loot box practices that misled players about costs and odds. Cognosphere will pay a $20 million fine, be banned from selling loot boxes to teens under 16 without parental consent, and must implement various transparency and data deletion measures.
$20.0M
The FTC settled with Cognosphere LLC, developer of Genshin Impact, for violating COPPA by collecting personal information from children without parental consent and for deceptive practices regarding in-game loot box purchases. The company will pay $20 million in penalties and is banned from selling loot boxes to children under 16 without verifiable parental consent.
$20.0M
Texas Attorney General Ken Paxton defended House Bill 1181 at the U.S. Supreme Court, which requires online pornography sites to verify users' ages to protect children from harmful content. The law was challenged by pornography distributors, but Texas won at the Fifth Circuit and is now defending its constitutionality. Texas has also sued Aylo Global Entertainment for non-compliance, leading to Pornhub's shutdown in Texas.
Texas Attorney General Ken Paxton filed a lawsuit against TikTok for deceptively promoting its app as safe for children despite the prevalence of inappropriate and explicit content. The action alleges violations of the SCOPE Act, which protects children's online privacy, and follows a previous lawsuit regarding data privacy issues.
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
New York Attorney General Letitia James and a coalition of 14 attorneys general filed lawsuits against TikTok for misleading about platform safety and violating COPPA by collecting children's data without parental consent. The lawsuits allege that TikTok's addictive features harm young people's mental health and that the company falsely claims its safety tools are effective. The coalition seeks to stop these practices and impose financial penalties.
Texas Attorney General Ken Paxton filed a lawsuit against TikTok for sharing minors' personal identifying information without parental consent, violating the SCOPE Act. The AG is seeking civil penalties up to $10,000 per violation and injunctive relief to prevent future violations.
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
The Federal Trade Commission filed an amicus brief in a lawsuit where parents sued IXL Learning for allegedly collecting and selling children's data without proper consent. The FTC argued that under COPPA, school district agreements to arbitration do not bind parents. The brief opposes IXL Learning's attempt to compel arbitration.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
NGL Labs, LLC and its founders were sued by the FTC and Los Angeles DA for marketing an anonymous messaging app to children and teens, making false claims about AI content moderation, sending fake messages to boost engagement, and violating COPPA by collecting kids' data without parental consent. They must pay $5 million, with $500,000 as a civil penalty and $4.5 million for consumer redress, and are banned from offering the app to users under 18. The order requires age gates, data deletion, and prohibits false claims about AI and recurring charges.
$500K
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
Tilting Point Media LLC illegally collected and shared children's personal data in its mobile app game 'SpongeBob: Krusty Cook-Off' without parental consent, violating COPPA and CCPA. The settlement imposes a $500,000 civil penalty and injunctive terms to ensure compliance with children's data privacy laws.
$500K
Texas Attorney General Ken Paxton announced a settlement with Multi Media, LLC, operator of Chaturbate, for violating Texas age verification law HB 1181. The company agreed to implement an age verification service on its website to prevent minors from accessing adult content. No monetary penalty was imposed in this settlement.
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
A coalition of 42 attorneys general filed a federal lawsuit against Meta, alleging that the company designed addictive features that harm youth mental health and violated COPPA by collecting children's data without parental consent. The lawsuit seeks injunctive relief, monetary penalties, and restitution.
New Jersey, leading a coalition of 41 other attorneys general, sued Meta for knowingly designing addictive Instagram and Facebook features targeting children and teens while falsely claiming the platforms were safe. The lawsuit alleges Meta collected personal data from users under 13 without parental consent, violating the federal Children's Online Privacy Protection Act (COPPA) and state consumer protection laws like the New Jersey Consumer Fraud Act.
Connecticut led a multistate settlement with JUUL Labs for $438.5 million over allegations of marketing vaping products to underage youth. The settlement funds are being directed to Regional Behavioral Health Action Organizations through new legislation to combat youth vaping, with requirements for transparency and evidence-based programs.
$438.5M
The FTC and DOJ charged Amazon with violating COPPA by indefinitely retaining children's Alexa voice recordings and failing to honor parents' deletion requests. Under a proposed consent decree, Amazon must pay $25 million, delete children's data, and implement privacy safeguards.
$25.0M
The FTC proposed modifications to its 2020 privacy order with Meta, alleging violations including non-compliance with the order, misleading parents about Messenger Kids, and unauthorized data sharing. The proposed changes include banning monetization of youth data, pausing new product launches, and strengthening privacy requirements.
Epic Games, maker of Fortnite, violated children's privacy laws by collecting data from under-13 users without parental consent and used deceptive designs to trick users into unintended purchases. The FTC secured a $275 million civil penalty and $245 million in consumer refunds, with requirements to enhance privacy defaults, delete improperly collected data, implement a privacy program, and prohibit dark patterns and account locking for charge disputes.
$275.0M
Connecticut Attorney General William Tong led 34 states and territories in a $438.5 million settlement with JUUL Labs over its youth-targeted marketing and misleading practices. The settlement includes strict injunctive terms prohibiting youth marketing, certain flavors, and requiring age verification. Funds will support tobacco cessation programs.
$438.5M
New Jersey is co-leading a multistate investigation into TikTok to determine if the platform violates consumer protection laws by using techniques that increase engagement among young users, potentially causing mental and physical harm. The investigation will examine what TikTok knows about these harms to children, teenagers, and young adults.
New Jersey is co-leading a nationwide investigation into whether Instagram and its parent company Meta Platforms, Inc. are violating state consumer protection laws by employing techniques that induce children, teenagers, and young adults to use the platform in potentially harmful ways. The bipartisan coalition of attorneys general is examining the potential mental and physical health harms resulting from extended engagement, including depression, anxiety, and body image issues.
A caseworker with the New Jersey Division of Child Protection and Permanency was charged with criminal offenses for allegedly accessing and disclosing confidential DCF database records without authorization. The charges include Computer Theft and Unlawful Access and Disclosure. The investigation was conducted by the New Jersey State Police.
The FTC removed Aristotle International, Inc. from its list of approved COPPA Safe Harbor programs due to insufficient monitoring of member companies' compliance with COPPA guidelines. This action prevents operators from using Aristotle's program for favorable regulatory treatment and marks the first such removal since COPPA's inception.
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
The FTC finalized a settlement with Miniclip, S.A. for falsely claiming it was a member of the CARU COPPA safe harbor program. Miniclip is prohibited from misrepresenting its participation in privacy programs and subject to compliance and recordkeeping requirements.
HyperBeard, Inc., a developer of children's apps, agreed to pay $150,000 and delete personal information it illegally collected from children under 13 to settle FTC allegations that it violated COPPA by allowing third-party ad networks to collect persistent identifiers without parental consent. The settlement requires HyperBeard to obtain verifiable parental consent for future data collection and prohibits using the illegally collected data.
$150K
Unixiz, Inc. agreed to shut down its i-Dressup teen social website and pay $98,618 in civil penalties to settle allegations that it violated COPPA by collecting personal information from over 2,500 New Jersey children without parental consent and failed to safeguard user data, leading to a 2016 data breach affecting more than 24,000 New Jersey residents.
$99K
Meitu, Inc. allegedly violated COPPA and the New Jersey Consumer Fraud Act by collecting personal information from children under 13 without parental consent. The settlement requires Meitu to pay a $100,000 civil penalty, update its privacy policies, and modify its apps to block data collection from children.
$100K
The New Jersey Attorney General settled with Dokogeo, the developer of the Dokobots app, for violating COPPA by collecting personal information from children without parental consent. The settlement requires Dokogeo to disclose its data practices, stop collecting children's data, delete existing children's data, and pay a suspended $25,000 penalty.
$25K