Concord Privacy News: 7/15/25

Major Privacy and Social Media Laws Take Effect This July

The digital privacy landscape is about to shift significantly as several new state laws governing data protection and minors' social media use come into effect this July. Businesses and platforms operating across multiple states will need to navigate a complex web of new compliance requirements.

Two New Comprehensive Privacy Frameworks Launch

On July 1st, the Tennessee Information Protection Act (TIPA) joined the growing roster of state privacy laws modeled after Virginia's framework. The law casts a wide net, applying to businesses that process personal data from at least 175,000 Tennessee consumers annually—or just 25,000 consumers if the business makes over half its revenue from selling personal data.

Tennessee residents gain familiar rights to access, delete, correct, and transfer their personal data, plus the ability to opt out of targeted advertising, data sales, and profiling. What sets TIPA apart is its requirement for opt-in consent when processing sensitive data and mandatory data protection assessments for high-risk processing activities. Violators get a 60-day cure period before the Tennessee Attorney General can take enforcement action.

Minnesota Adds Its Own Twist

The Minnesota Consumer Data Privacy Act follows on July 31st with its own Virginia-inspired approach, but includes some distinctive features. The law provides additional consumer rights around automated decision-making and requires more detailed compliance documentation from businesses. Interestingly, Minnesota refers to "specific" rather than "precise" geolocation data, focusing on accuracy to geographic coordinates or street addresses rather than the broader precision standards used elsewhere.‍

‍

Social Media Platforms Face New Rules to Protect Minors

Georgia Requires Parental Consent

Georgia's Protecting Children on Social Media Act launched July 1st with strict requirements for platforms serving minors under 16. Parents must consent before their children can create accounts, and platforms must provide these parents with an overview of content moderation features. The law also prohibits targeted advertising to users under the age of 16 based on personal information beyond age and location.

Platforms face a compliance challenge: they must make "commercially reasonable efforts" to verify users' ages and identify minors, or alternatively apply minor-focused restrictions to all users. Legal challenges are already underway.

Louisiana Takes a Dual Approach

Louisiana implemented two separate social media laws on July 1st, creating a comprehensive framework for minor protection.

House Bill 577 restricts how platforms can process personal data from users under 18. Covered platforms cannot sell minors' sensitive personal data or display targeted advertising to them—but only when they have actual knowledge of the user's age, as the law doesn't mandate age verification.

The Secure Online Child Interaction and Age Limitation Act goes further, requiring parental consent for users under age 16 and adding messaging restrictions that prevent adults from directly contacting minors unless they're already connected on the platform. Parents get access to account supervision tools and can set screen time limits. However, enforcement of this law has been stayed until December 19, 2025, due to ongoing litigation.

‍

What This Means for Businesses

Companies operating across state lines now face an increasingly complex compliance landscape. Each state's privacy law comes with its own thresholds, definitions, and requirements, while social media platforms must implement age verification systems and parental consent mechanisms that vary by jurisdiction.

The July effective dates mark just the beginning—more states are expected to enact similar legislation throughout 2025, making comprehensive privacy and age verification strategies essential for any business handling consumer data or serving minor users online.

‍

Other Privacy News of Note

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security. "The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use," the CAO said in a memo. Read more.

Many Data Brokers Aren’t Registering Across State Lines, Privacy Groups Say

Hundreds of companies registered as data brokers in one U.S. state are not recognized as such in other states with similar disclosure laws, according to a new analysis by the Privacy Rights Clearinghouse and the Electronic Frontier Foundation. The country has a data broker problem, with few meaningful laws at the federal or state level to curb the mass collection and resale of Americans’ data. These brokers are typically third-party companies that mine the internet, buy customer data from other businesses and otherwise acquire information on hundreds of thousands or millions of Americans with whom they’ve never directly done business. Read more.