1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.
Connecticut Attorney General William Tong praised final passage of House Bill 5312, which creates new civil enforcement mechanisms for deepfake digital sexual assault. The legislation allows the AG to pursue civil injunctions and penalties against platforms that disseminate illegal synthetic intimate images, including AI-generated child pornography, and establishes a private right of action for victims. The bill builds on prior Connecticut laws criminalizing unauthorized dissemination of intimate images.
Connecticut’s legislature passed House Bill 5312, creating new civil enforcement mechanisms for deepfake digital sexual assault, including unauthorized dissemination of synthetically created intimate images and AI-generated child pornography. The bill establishes a private right of action for victims and empowers the Connecticut Attorney General to pursue civil injunctions and penalties against abusers and platforms hosting illegal content. This builds on prior Connecticut laws criminalizing unauthorized intimate image dissemination.
Connecticut Attorney General William Tong issued a statement on May 1, 2026, following final passage of bipartisan legislation to combat youth social media addiction and regulate artificial intelligence harms. The legislation imposes new requirements on social media companies regarding minor users, including parental consent for addictive algorithms, default privacy settings, and annual reporting obligations. It also establishes rules for AI chat bots and automated employment decision tools, including disclosure requirements and self-harm detection protocols.
Connecticut Attorney General William Tong issued a statement on May 1, 2026, announcing the final passage of bipartisan legislation targeting youth social media addiction and artificial intelligence harms. The legislation imposes new obligations on social media companies regarding minor account settings, parental consent, and reporting, as well as requirements for AI chatbot operators and employers using automated decision tools. The statement also references ongoing enforcement actions against Meta and TikTok for allegedly designing addictive platform features for youth.
Virginia Attorney General Jay Jones released a 100-day progress report outlining his office's actions, including a pledge to enforce new Virginia Consumer Data Protection Act provisions requiring social media platforms to limit minor users to one hour of daily usage without parental consent, and a data privacy awareness campaign for Virginians. No specific privacy enforcement actions against private entities were detailed in the release.
Connecticut Attorney General William Tong announced a settlement with beauty retailer Sephora resolving an investigation into the company’s marketing of anti-aging skincare products containing active ingredients like retinol to children under 13. Sephora agreed to adopt enforceable safeguards including requiring suppliers to provide age suitability warnings, disclosing those warnings on product pages, training employees to advise young customers, and maintaining a public resource on age-appropriate products. No monetary penalty was imposed.
Florida Attorney General James Uthmeier opened a civil investigation into Discord and issued a subpoena demanding documents related to its marketing to children, age-verification processes, content moderation, parental controls, and reporting of child exploitative activity. The investigation alleges potential violations of Florida’s Deceptive and Unfair Trade Practices Act, citing the platform’s widespread use by child predators to target minors. Discord must produce records on its child safety practices, minor user data, and complaint handling related to child exploitation.
A former employee of the New Jersey Department of Children and Families was indicted for allegedly leaking confidential child protection case information in exchange for bribes. The defendant, Susaida Nazario, misused her access to provide case details to an unauthorized individual, compromising sensitive children's data.
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.
The FTC issued a policy statement announcing that it will not enforce the COPPA Rule against website and online service operators that use age verification technologies solely to determine user age, provided they comply with conditions such as limiting data use, ensuring security, and providing clear notice. This policy aims to incentivize age verification tools to protect children online.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.
California Attorney General Rob Bonta sent a cease and desist letter to xAI, demanding the company immediately stop the creation and distribution of deepfake, nonconsensual intimate images and child
California Attorney General Rob Bonta announced an investigation into xAI for its Grok AI model generating nonconsensual sexual images of women and children, including child sexual abuse material. The AG expressed deep concern and zero tolerance, urging immediate action to prevent further
Massachusetts Attorney General Andrea Campbell filed a motion to enforce a preliminary injunction against the Trump Administration's demands for personal data of SNAP recipients. The court previously blocked such demands, but the administration renewed its request, threatening to withhold funding. The AG seeks to ensure compliance with federal privacy laws and protect SNAP recipients' sensitive information.
Virginia Attorney General Jay Jones announced intent to enforce new provisions of the Virginia Consumer Data Protection Act that limit minors' social media usage to one hour per day without parental consent. The law, effective January 1, 2026, requires age verification and verifiable parental consent to change time limits, with potential penalties up to $7,500 per violation and injunctive relief. This follows a motion to dismiss a lawsuit by NetChoice challenging the law.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
Florida Attorney General James Uthmeier filed a lawsuit against Roblox, alleging that the company misrepresented the safety of its platform to parents and failed to protect children from accessing adult content and being contacted by predators. The lawsuit seeks injunctive relief and other remedies to ensure child safety on the platform.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
California Attorney General Rob Bonta announced a $1.4 million settlement with mobile gaming company Jam City, Inc. for violating the CCPA by failing to provide consumers with compliant methods to opt out of the sale or sharing of their personal information across its 21 mobile apps. The settlement also resolves allegations that Jam City sold or shared personal data of users aged 13 to 16 without the required affirmative opt-in consent. In addition to the civil penalty, Jam City must implement in-app opt-out methods and obtain opt-in consent for minor users' data sales and sharing.
$1.4M
California Attorney General Rob Bonta secured a $530,000 settlement with Sling TV LLC and Dish Media Sales LLC, resolving allegations that the streaming service violated the CCPA by failing to provide an easy-to-use opt-out mechanism for the sale of personal information and insufficient privacy protections for children. The settlement, subject to court approval, requires Sling TV to implement streamlined opt-out processes across all devices, stop redirecting users to cookie preferences for CCPA opt-outs, and add kid-specific profiles with default opt-out of data sales and targeted advertising. This is the first enforcement action from the DOJ's 2024 investigative sweep of streaming services.
$530K
California Attorney General Rob Bonta joined 15 attorneys general in filing an amicus brief to limit a U.S. DOJ subpoena seeking medical records of transgender youth from Children's Hospital of Philadelphia, arguing it violates patient privacy and could intimidate providers of gender-affirming care.
California Attorney General Rob Bonta settled with Sling TV for $530,000 over CCPA violations. Sling TV failed to provide an easy-to-use opt-out mechanism for the sale of personal information and lacked adequate privacy protections for children's data. The settlement requires Sling TV to implement changes to ensure CCPA compliance, including improved opt-out processes and children's privacy safeguards.
$530K
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
Texas Attorney General Ken Paxton secured a settlement agreement with Austin Diagnostic Clinic to end its policy of restricting parental access to children’s electronic health records. The agreement requires the clinic to provide parents with full, real-time access to their children’s medical information except where restricted by state or federal law, and the AG will monitor compliance.
All data sourced from official government enforcement pages.