Privacy & Information Security Law Blog

On April 16, 2025, the Arkansas state legislature passed a bill, S.B. 611, to amend the Arkansas Social Media Safety Act of 2023 (the “Act”). This development follows a U.S. District Court decision permanently enjoining the Act from taking effect.

Permanent Injunction

On March 31, 2025, the U.S. District Court for the Western District of Arkansas held, in a case brought by tech industry trade association NetChoice, that the Act was unconstitutional, and granted a permanent injunction blocking the Act from taking effect. The permanent injunction followed a preliminary injunction by the same court to prevent the Act from taking effect on September 1, 2023. The case represents the first permanent injunction that NetChoice has obtained in a string of lawsuits it has brought against other state social media and children’s privacy laws.

The District Court held that the Act was unconstitutional because it did not meet the standard of strict scrutiny review required under the First Amendment. The Court’s decision focused on the Act’s requirement that social media platforms verify the age of their users to prevent minors under the age of 18 from creating social media accounts without parental consent. The court held that the Act was a content-based restriction on speech that is not narrowly tailored to serve a compelling government interest. In his ruling, Judge Timothy Brooks noted that “[r]ather than targeting content that is harmful to minors, [the] Act [] simply impedes access to content writ large.” The court also found that the Act’s user age-verification requirement was maximally burdensome, imposing barriers to access entire social media platforms, rather than placing barriers around the content or functions that raise concern.

Act Amendments

Following the ruling, the Arkansas state legislature passed a new bill, S.B. 611, which amends the Act. S.B. 611 retains and strengthens the law’s age verification provisions, broadens the scope and applicability of the Act to include additional online platforms, narrows the age of applicability to users under 16 years old (as opposed to 18 years old), and adds a private right of action for parents of minor users. The bill now awaits signature by the Arkansas governor.

Covered Social Media Platforms
S.B. 611 broadly defines “social media platform” to include an online platform, application or service that is accessed by Arkansas users and: (1) facilitates user communication; (2) assigns unique identifiers to user accounts (e.g., username, profile, image); (3) allows for the creation of user profiles containing personal information (e.g., name, username, date of birth); (4) allows users to connect, follow or establish a relationship with other users “and creates a network of interactions either in real time or asynchronously” (e.g., “likes”); and (5) primarily generates revenue through user engagement (e.g., targeted advertising and user data monetization). Email service providers, non-profit organizations, schools, B2B software, common carriers and broadband Internet services are exempted from application.

Minor Users
S.B. 611 narrows the Act’s age of applicability to Arkansas resident social media platform users under the age of 16, as opposed to 18. S.B. 611 also notably specifies that a user is subject to the Act even if they use a VPN to connect to the social media platform that gives the appearance that they are not located in Arkansas when they in actuality are.

Requirements
S.B. 611 prohibits covered social media platforms from:

• engaging in practices that “evoke any addiction or compulsive behaviors” in minor users, including through notifications, recommended content, artificial sense of accomplishment, or engagement with online bots that appear human; and
• sending notifications to minor users (other than safety or privacy-related alerts) between 10 PM and 6 AM CST.

In addition, covered social media platforms must:

• implement technological measures to prevent circumvention of the social media platform’s age verification protocols (including technology that monitors for suspicious activity or prevents a minor from creating an account outside of Arkansas and using the account in Arkansas);
• provide the most privacy and safety-protective settings for minor users;
• conduct at least quarterly audits to ensure the social media platform is not “causing minors to engage in compulsory or addiction-driven behavior”; and
• develop an easily accessible online dashboard to allow minor users’ parents to view and understand their child’s social media use habits and restrict their child’s access to the covered social media platform.

With respect to enforcement, S.B. 611, increases the penalties for noncompliance to $10,000 per violation (up from $2,500 per violation), and specifies that each day a covered social media platform violates the Act constitutes a separate violation of the Act. The bill also makes a violation of the Act a strict liability civil offense. Additionally, S.B. 611 provides a private right of action for parents or guardians of minor users covered by the Act.

Given that S.B. 611 retains the law’s age verification provisions, the amendments are unlikely to cure the permanent injunction issued by the court.