Texas Attorney General Launches Investigation Into Companies Over Privacy Practices Regarding Minors

In a significant move aimed at protecting children’s privacy and safety in the digital age, the Texas Attorney General (AG) has launched investigations into several major companies, scrutinizing their privacy practices with regard to minors. The investigations focus on whether these companies are complying with state laws under the SCOPE Act and the Texas Data Security and Privacy Act (TDSPA), both of which include specific provisions designed to ensure the protection of minors’ personal data and online safety.

The AG’s office is particularly concerned with whether these companies are meeting their legal obligations to provide effective parental control tools, obtain proper notice and consent from parents or guardians, and safeguard the privacy of children and adolescents in accordance with state law. With children and teenagers increasingly spending time online—whether for social media, gaming, or educational purposes—the investigations are part of a broader effort to hold companies accountable for their role in managing children’s data.

The SCOPE Act and TDSPA: A Legal Framework for Protecting Minors

The SCOPE Act (Securing Children’s Online Privacy and Education Act) and the TDSPA (Texas Data Security and Privacy Act) are two key pieces of legislation that aim to enhance the protection of minors’ personal data in the digital ecosystem. These laws have been designed to address the unique vulnerabilities of children and teenagers, whose online activities can expose them to risks ranging from data exploitation to cyberbullying and inappropriate content.

Key provisions of the SCOPE Act and TDSPA include:

1. Parental Management Tools:

• Companies that collect personal information from minors are required to provide parental control and management tools. These tools allow parents or guardians to monitor and restrict what their children can access or share online. This could include features that allow parents to review and delete their child’s data or set limits on their activity within online platforms.

2. Notice and Consent:

• Companies must obtain verifiable consent from parents or legal guardians before collecting personal data from children under a certain age (typically 13 years old, as outlined in the Children’s Online Privacy Protection Act, COPPA). This includes notifying parents about what data is being collected and how it will be used, as well as offering mechanisms for parents to revoke consent and manage their children’s privacy settings.

3. Data Protection:

• Both acts impose strict requirements on how companies must handle, store, and secure the personal data of minors. The laws mandate the use of robust data security measures to prevent unauthorized access, loss, or misuse of sensitive information.

4. Transparency and Accountability:

• Companies are required to provide clear and accessible privacy notices that explain their data collection practices, especially as they pertain to children. They must also ensure transparency in their terms of service and privacy policies, clearly outlining how they will use any data collected from minors and how parents can exercise their rights to manage that data.

The AG’s Investigation: Focus on Compliance with Texas Privacy Laws

The Texas Attorney General’s office has launched its investigations to ensure that companies—particularly those in the tech, social media, and gaming industries—are complying with these laws. The AG’s office has not disclosed the names of the companies under investigation, but it has emphasized that the focus is on those businesses that collect and process the data of children and minors.

The investigation will likely focus on several key areas:

1. Parental Control and Consent Mechanisms:

   • Whether companies are offering adequate tools for parents to manage their children’s online activities, including access restrictions and data deletion capabilities. The investigation will assess whether these tools are effective, user-friendly, and properly communicated to parents.

2. Transparency in Data Collection:

   • Whether companies are being transparent about the type of personal information they collect from minors, how that information is used, and whether they provide clear opt-in and opt-out options for parents. The AG’s office will also examine whether companies are obtaining proper consent before collecting data from minors.

3. Data Security and Privacy Protection:

   • Whether companies are safeguarding the data of minors in accordance with Texas law. This includes ensuring that adequate security protocols are in place to prevent data breaches and unauthorized access, as well as confirming that companies are only retaining children’s data for as long as necessary.

4. Enforcement of Parental Rights:

   • How effectively companies are enforcing parental rights under the SCOPE Act and TDSPA. This includes ensuring that parents can easily access, modify, or delete their child’s data and exercise control over what information is shared online.

The Impact of the Investigation: What It Means for Companies

This investigation is part of a broader trend toward tightening privacy protections for minors, not just in Texas, but across the United States. In recent years, there has been increasing scrutiny of tech giants and other online platforms that cater to young users, such as social media networks, online gaming platforms, and educational apps. With children and teenagers becoming more immersed in the digital world, lawmakers and regulators are facing mounting pressure to address the risks posed by data collection, privacy violations, and exposure to harmful content.

If the investigations reveal that companies are not in compliance with Texas laws, the AG’s office could impose fines and penalties under the SCOPE Act and TDSPA. These fines could be significant, especially for larger companies that generate substantial revenue from collecting personal data. The investigation may also lead to regulatory changes or updates to privacy laws, especially if gaps are identified in the protection of minors’ online safety and data security.

For businesses, the investigations serve as an important reminder to ensure that their privacy practices are fully aligned with state laws, particularly in relation to minors. Companies may need to review and update their privacy policies, parental consent mechanisms, and data security practices to comply with both Texas regulations and other federal laws like the Children’s Online Privacy Protection Act (COPPA).

Broader Implications for Privacy and Data Protection

This investigation also highlights the growing focus on children’s privacy at both the state and federal levels. As children spend more time online, whether on social media, gaming platforms, or educational tools, regulators are increasingly focused on ensuring that their data is not exploited or misused. In Texas, as in other states, the right to privacy for minors is becoming a key issue for lawmakers, particularly in the context of AI-driven technologies, targeted advertising, and data analytics.

The Texas AG’s actions align with broader concerns about data privacy in the digital age. The investigations could prompt other states to adopt similar measures or encourage Congress to revisit federal laws like COPPA, ensuring that they are up to date with modern digital practices and the evolving landscape of online privacy.

The Texas Attorney General’s investigation into companies' privacy practices concerning minors marks a critical step in the state’s ongoing effort to safeguard the personal data and online safety of children and teenagers. As digital platforms continue to play an increasingly central role in the lives of young people, it is essential that companies uphold strong privacy protections, transparency, and security measures.

For parents, the investigation offers an opportunity to reflect on the importance of parental control tools and ensure they are fully leveraging the privacy options available to them. For businesses, it underscores the need for compliance with state and federal privacy laws—a growing imperative as regulators continue to focus on how data is collected, used, and protected, especially when it comes to the most vulnerable online users: children.