Briefs Blast Compliance Burdens, Praise Protection of Texas App Store Law
Some supported a Texas app store age-verification law, while others criticized its constitutionality and regulatory hurdles in amicus briefs filed last week at the U.S. District Court for Western Texas (case 1:25-cv-01660).
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The Computer & Communications Industry Association’s (CCIA) seeks a preliminary injunction against the Texas App Store Accountability Act (SB-2420), which requires that app stores verify users' age to ensure kids younger than 18 can't download certain apps or make in-app purchases without parental consent. It's set to become effective Jan. 1.
CCIA argues that the law is unconstitutional (see 2510160034). Texas Attorney General Ken Paxton (R) disagrees (see 2511200039). Judge Robert Pittman is set to hear oral argument on CCIA's request for a preliminary injunction Tuesday at 10 a.m. CT (see 2511240040).
A joint brief from the National Retail Federation (NRF) and the Texas Retailers Association said it would result in “the very types of content-based regulations that have been repeatedly and recently struck down by courts nationwide for violating the First and Fourteenth Amendments.”
It places “onerous compliance burdens on retailers, including compelled data collection and vague, impractical age verification measures” that will harm businesses in Texas, they added.
Additionally, it implicates the federal COPPA law, which has “a pro-privacy structure” and urges companies “to minimize the data they collect about users to avoid collecting minors’ data." The Texas Act requires retailers and others “to collect and process information about their customers’ age they have no interest in collecting.”
These businesses then must create compliance programs for the Texas law as well as COPPA, which, paired with the “compelled data collection,” is “costly and unnecessary.”
ACT | The App Association also emphasized the law's compliance burdens in a brief filed Dec. 9. Whether intentional or not, the Texas law "puts app developers between a new rock and an existing hard place: the federal" COPPA and the state law's regulations.
Businesses covered by COPPA are required to provide “a mechanism for verifiable parental consent (VPC) for collecting and processing children's data" and create a method for parents “to access or delete their child’s data and revoke VPC,” among other things. But to determine if a minor is downloading an app, as the Texas law would require, businesses “would necessarily begin collecting data on the minor, such as IP address and device ID,” which COPPA considers personally identifiable information (PII).
Media groups the Reporters Committee for Freedom of the Press, Student Press Law Center, Advance Publications, Associated Press and the New York Times said “the Act interferes with the activity at the center” of news organizations. In their brief, they said it “effectively renders news app content presumptively off limits to minors,” and is a burden on First Amendment rights.
The Chamber of Progress argued it will “diminish speech and leave young Texans less safe and informed.” SB-2420’s age-rating requirements “compel speech,” which violates the First Amendment, and therefore should be blocked.
In a press release Monday, CCIA senior VP and director of the association’s litigation center Stephanie Joyce said the association at oral argument Tuesday will “show the judge that this law is unconstitutional and should not take effect.” Joyce added, “It is a deeply flawed statute that the Court should block under the First Amendment.”
But an amicus brief from both the Digital Childhood Institute and the National Center on Sexual Exploitation said CCIA “mischaracteriz[es]” the Act, which, they added, is aimed at protecting consumers and complying with child protection statutes.
App stores already “collect age or age-range data for their users,” their brief said. In addition, the groups cited a “significant information imbalance” that puts minors at risk by allowing platforms to "withhold material facts and lead developers to treat every user as an adult.” This in turn may subject children to “data-collection practices that can violate COPPA.” It could also allow children access to apps that “voluntarily restrict minors,” as the app store is keeping age information away from the app itself.
The two groups said the FTC has documented “recurring failures by app stores,” including apps directed at children with inaccurate age ratings, a lack of parental consent and “distributing apps that collect sensitive data in violation of COPPA because app developers are unaware the end user is a child, even though the app store is fully aware.” They argue SB-2420 will fix these issues.
The Coalition for a Competitive Mobile Experience, an association of app developers, said the state law is "a workable, commercially reasonable approach" that "standardizes obligations" and "clarifies" responsibility for app stores and developers. No new technology is required, as similar systems have already been developed to comply with related laws, such as COPPA, they added.
Two technology scholars, Meg Leta Jones and Joel Thayer, submitted a joint brief, opposing a preliminary injunction. Not only does the state have a “compelling interest in protecting minors,” but “every moment without protective measures,” such as those in SB-2420, “leaves Texas children exposed to harms that are concrete, documented, and, in many cases, catastrophic.”
Further, the compliance costs CCIA and others allege are “overstated” and “largely self-inflicted by business models designed to maximize child engagement,” the scholars said. And even if there were true costs, they “cannot outweigh Texas’s compelling interest in protecting children and families.”