1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
The FTC issued a policy statement announcing that it will not enforce the COPPA Rule against website and online service operators that use age verification technologies solely to determine user age, provided they comply with conditions such as limiting data use, ensuring security, and providing clear notice. This policy aims to incentivize age verification tools to protect children online.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
California Attorney General Rob Bonta sent a cease and desist letter to xAI, demanding the company immediately stop the creation and distribution of deepfake, nonconsensual intimate images and child
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
California Attorney General Rob Bonta secured a $530,000 settlement with Sling TV for violating the CCPA. The company failed to provide an easy-to-use method for consumers to opt-out of the sale of their personal information and did not provide adequate privacy protections for children. The settlement requires Sling TV to implement specific changes to its opt-out mechanisms and parental controls.
$530K
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
Florida Attorney General James Uthmeier issued a subpoena to Lorex as part of an ongoing consumer protection and data privacy investigation. The probe examines Lorex’s ties to Dahua Technology and potential foreign spying risks, including unauthorized access to children’s data, and whether the company misled consumers about the privacy and security of its camera products and apps. The subpoena seeks documents related to corporate structure, third-party contracts, software update origins, data center locations, security vulnerabilities, and marketing claims about privacy and security.
Texas Attorney General Ken Paxton has opened an investigation into Meta AI Studio and Character.AI for deceptive practices in marketing AI chatbots as mental health services to children. The platforms are accused of impersonating licensed professionals, fabricating qualifications, and exploiting user data for advertising without proper disclosure. Civil Investigative Demands have been issued to examine violations of Texas consumer protection laws and the SCOPE Act.
Texas Attorney General Ken Paxton opened an investigation into Meta and Character.AI via Civil Investigative Demands, alleging deceptive trade practices including misrepresenting AI chatbots as confidential mental health tools while harvesting user data for targeted advertising. The probe assesses potential violations of Texas consumer protection laws and the SCOPE Act, particularly regarding privacy misrepresentations, concealment of data usage, and harms to children. This builds on prior investigations into Character.AI for SCOPE Act compliance.
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
NGL Labs, LLC and its founders were sued by the FTC and Los Angeles DA for marketing an anonymous messaging app to children and teens, making false claims about AI content moderation, sending fake messages to boost engagement, and violating COPPA by collecting kids' data without parental consent. They must pay $5 million, with $500,000 as a civil penalty and $4.5 million for consumer redress, and are banned from offering the app to users under 18. The order requires age gates, data deletion, and prohibits false claims about AI and recurring charges.
$500K
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
Connecticut led a multistate settlement with JUUL Labs for $438.5 million over allegations of marketing vaping products to underage youth. The settlement funds are being directed to Regional Behavioral Health Action Organizations through new legislation to combat youth vaping, with requirements for transparency and evidence-based programs.
$438.5M
The FTC and DOJ charged Amazon with violating COPPA by indefinitely retaining children's Alexa voice recordings and failing to honor parents' deletion requests. Under a proposed consent decree, Amazon must pay $25 million, delete children's data, and implement privacy safeguards.
$25.0M
Connecticut Attorney General William Tong led 34 states and territories in a $438.5 million settlement with JUUL Labs over its youth-targeted marketing and misleading practices. The settlement includes strict injunctive terms prohibiting youth marketing, certain flavors, and requiring age verification. Funds will support tobacco cessation programs.
$438.5M
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
HyperBeard, Inc., a developer of children's apps, agreed to pay $150,000 and delete personal information it illegally collected from children under 13 to settle FTC allegations that it violated COPPA by allowing third-party ad networks to collect persistent identifiers without parental consent. The settlement requires HyperBeard to obtain verifiable parental consent for future data collection and prohibits using the illegally collected data.
$150K
Meitu, Inc. allegedly violated COPPA and the New Jersey Consumer Fraud Act by collecting personal information from children under 13 without parental consent. The settlement requires Meitu to pay a $100,000 civil penalty, update its privacy policies, and modify its apps to block data collection from children.
$100K
The New Jersey Attorney General settled with Dokogeo, the developer of the Dokobots app, for violating COPPA by collecting personal information from children without parental consent. The settlement requires Dokogeo to disclose its data practices, stop collecting children's data, delete existing children's data, and pay a suspended $25,000 penalty.
$25K
All data sourced from official government enforcement pages.