Privacy & Information Security Law Blog

On April 16, 2025, the U.S. District Court for the Southern District of Ohio Eastern Division issued a ruling permanently enjoining the Ohio Attorney General from enforcing the Parental Notification by Social Media Operators Act.

On April 16, 2025, the Arkansas state legislature passed a bill, S.B. 611, to amend the Arkansas Social Media Safety Act of 2023 (the “Act”). This development follows a U.S. District Court decision permanently enjoining the Act from taking effect.

On April 11, 2025, California Attorney General Rob Bonta appealed the U.S. District Court for the Northern District of California’s decision blocking enforcement of California’s Age-Appropriate Design Code Act.

On March 18, 2025, NetChoice filed a lawsuit seeking to enjoin a Louisiana law, the Secure Online Child Interaction and Age Limitation Act, from taking effect this July.

On March 13, 2025, the U.S. District Court for the Northern District of California granted a second motion for preliminary injunction in favor of the technology trade group NetChoice.

NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech.

On January 29, 2025, the United States Court of Appeals for the Ninth Circuit enjoined California from enforcing the Protecting Our Kids from Social Media Addiction Act in its entirety, pending a challenge to the law brought by NetChoice.

On September 10, 2024, the U.S. District Court for the District of Utah issued an Order granting a Motion for a Preliminary Injunction, prohibiting the Utah Attorney General from implementing and enforcing the Utah Minor Protection in Social Media Act, which was set to take effect October 1, 2024.

On August 16, 2024, a Ninth Circuit panel partially upheld an injunction halting implementation of the California Age-Appropriate Design Code Act (the “Act”). In particular, the Ninth Circuit affirmed the district court’s ruling that NetChoice, a technology trade group, was likely to succeed in showing that the Act’s data protection impact assessment (“DPIA”) requirements violate the First Amendment. Under the DPIA requirements, covered businesses would have been required to identify material risks to children under the age of 18, document and mitigate those risks before such children access an online service, product or feature, and provide the DPIA to the California Attorney General upon written request.

On February 12, 2024, a federal court in the Southern District of Ohio issued an order granting a Motion for a Preliminary Injunction, prohibiting the Ohio Attorney General from implementing and enforcing the Parental Notification by Social Media Operators Act, Ohio Rev. Code § 1349.09(B)(1) (the “Act”).

On January 9, 2024, an Ohio federal judge placed a temporary restraining order on Ohio’s Parental Notification by Social Media Operators Act, Ohio Rev. Code § 1349.09(B)(1) (the “Act”), which was approved in July 2023 and was set to go into effect on January 15,2024. Under the Act, parents must provide consent for children under 16 to set up an account on social media and online gaming platforms. The platform operators must also provide parents with a list of content moderation features.

On October 18, 2023, California Attorney General Rob Bonta filed an appeal to overturn a preliminary injunction issued by the U.S. District Court for the Northern District of California last month that prevents the enforcement of the California Age-Appropriate Design Code Act (“CA AADC”). The appeal was submitted to the U.S. Court of Appeals for the Ninth Circuit and marks an important step in assessing the potential progress of the CA AADC.

On September 29, 2023, the Supreme Court of the United States (“SCOTUS”) accepted petitions challenging the constitutionality of social media laws in Florida and Texas. Florida’s law, S.B. 7072, prohibits “a social media platform from willfully deplatforming a [political] candidate.” Texas’s law, H.B. 20, refers to social media platforms as “common carriers” that are “central public forums for public debate,” and requires common carriers to publicly disclose information related to the common carrier’s method of recommending content to users, content moderation efforts, use of algorithms to determine search results, and the common carrier’s ordinary disclosures to its users on user performance data for each of its platforms. Both of these laws were challenged by NetChoice, LLC, a national trade association of large online businesses, who had recent successes in blocking several laws, including the California Age-Appropriate Design Code and a similar social media law in Arkansas.

On September 18, 2023, Judge Beth Labson Freeman of the U.S. District Court for the Northern District of California granted NetChoice’s request for preliminary injunction in NetChoice v. Bonta, finding that NetChoice is likely to succeed on its claim that the California Age-Appropriate Design Code (“CA AADC”) violates the First Amendment. Specifically, the Court found that, as a speech restriction, the CA AADC would likely fail both strict scrutiny and a lesser standard of scrutiny. The preliminary injunction blocks the CA AADC from going into effect until the case is ...

On August 31, 2023, NetChoice, a national trade association of large online businesses, filed supplemental briefing in its challenge to the California Age-Appropriate Design Code (“CA AADC”). The success or failure of NetChoice’s lawsuit will determine whether companies need to be CA AADC-compliant on July 1, 2024 when the law is anticipated to take effect.