A number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025.  These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana.  An overview of some key laws is below.

Comprehensive Privacy Laws

  • Tennessee Information Protection Act.  The Tennessee Information Protection Act (TIPA) takes effect on July 1, 2025.  TIPA adopts the general framework used in Virginia and other state privacy statutes.  The law applies to businesses that, among other things, process personal data of at least 175,000 consumers annually—or 25,000 if the business derives over 50% of its revenue from selling personal data—and grants Tennessee residents rights to access, delete, correct, and port their personal data, as well as opt out of targeted advertising, sales, and profiling.  Notably, the law requires opt-in consent for processing sensitive data and mandates data protection assessments for high-risk activities.  Additionally, enforcement authority lies solely with the Tennessee Attorney General, with a 60-day cure period for violations.
  • Minnesota Consumer Data Privacy Act. The Minnesota Consumer Data Privacy Act takes effect on July 31.  The act generally follows the Virginia model, with some unique provisions, including additional consumer rights around automated decision-making and detailed compliance documentation requirements.  Notably, the act refers to “specific” geolocation data, unlike other state statutes which refer to “precise” geolocation data and focuses on accuracy to geographic coordinate system points or street addresses.  We previously covered this privacy act in more detail here.

Minor Social Media Laws

  • Protecting Georgia’s Children on Social Media Act of 2024.  This Georgia law comes into force on July 1.  Among other provisions, this law requires parental consent for a minor under the age of 16 to create an account on a social media platform, requires the social media platform to provide a U16 minor’s parents with an overview of the platform’s content moderation features, and prohibits advertising to U16 minors using personal information other than the minor’s age and location.  The law requires that social media platforms make “commercially reasonable efforts” to verify the ages of account holders and determine whether they are U16 minors, or otherwise apply limitations required for minors to the accounts of allusers.  NetChoice has challenged the law.
  • Louisiana HB 577.  This Louisiana law, which comes into force on July 1, restricts social media platforms’ processing of personal data from minors under the age of 18.  Among other requirements, a covered social media platform may not sell U18 minors’ sensitive personal data (as defined in the law) or display targeted advertising to them.  The law does not require age verification, and restrictions apply only where a social media platform has actual knowledge of a user’s age.
  • Louisiana Secure Online Child Interaction and Age Limitation Act.  This Louisiana law also becomes effective on July 1, though enforcement has been stayed until December 19, 2025, as part of ongoing litigation.  Among other provisions, it requires parental consent for a minor under the age of 16 to create an account on a social media platform, prohibits advertising to U16 minors using personal information other than the minor’s age and location, and requires social media platforms to restrict adults from sending direct messages to a U16 minor unless they are already connected on the platform.  The law also requires that social media platforms make certain account supervision features available to parents, as well as the ability to set screen time limits and scheduled breaks.  The law requires that social media platforms make “commercially reasonable efforts” to verify the ages of account holders and determine whether they are U16 minors, or otherwise apply limitations required for minors to the accounts of all users.
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey Tonsager
Show more Show less
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie Canter
Show more Show less
Photo of John Bowers John Bowers

John Bowers is an associate in the firm’s Washington, DC office. He is a member of the Data Privacy and Cybersecurity Practice Group and the Technology and Communications Regulation Practice Group.

John advises clients on a wide range of privacy and communications issues…

John Bowers is an associate in the firm’s Washington, DC office. He is a member of the Data Privacy and Cybersecurity Practice Group and the Technology and Communications Regulation Practice Group.

John advises clients on a wide range of privacy and communications issues, including compliance with telecommunications regulations and U.S. state and federal privacy laws.

Read more about John Bowers
Show more Show less
Photo of Bolatito Adetula Bolatito Adetula

Tito Adetula is an associate in the firm’s Washington, DC office. She is a member of the Data Privacy and Cybersecurity Practice Group and the Government Contracts Practice Group.

Tito also maintains an active pro bono practice focused on data privacy and cybersecurity matters.

Read more about Bolatito Adetula