On Monday, the Supreme Court declined to block Texas’s App Store Accountability Act, letting the state require age verification and parental consent before minors can download apps while litigation continues in lower courts. For now, app store owners and app developers serving Texans will need age-assurance infrastructure in place.
This ruling matters beyond Texas. More than a dozen states have introduced similar app-store-level verification laws, and unlike site-level age gates, they push the compliance burden upstream to Apple and Google—meaning it radiates out to every app in their stores, privacy-conscious or not. It’s the same paradox we flagged with the KIDS Act last week: meaningful age assurance requires collecting more data, not less. The difference now is that states, not just Congress, are building that infrastructure—and doing it state by state, with no two laws defining “verification” the same way.
Privacy advocates may cry foul at any overarching age verification legislation, but the patchwork approach is almost certainly worse. Without a standard approach, it’s almost certain that businesses will over-collect data for verification. That means any breaches will be more impactful, exposing children’s data that didn’t need to be collected in the first place.
If that’s something you’d like to keep on your radar, our Privacy Enforcement Tracker is a good place to watch for the latest data breaches, among other privacy developments.
Best,
Arlo
Highlights From Osano
In Case You Missed It...
Blog: What Is CIPA, and Why Is Your Website Getting Sued?
A law firm just audited your website. There wasn’t any advance notice, you didn’t know there was anything to audit. Nevertheless, now there's a demand letter in your inbox. What now?
On-Demand Webinar: Privacy Enforcement 2026: Regulators’ Focus and Compliance Priorities
2026 is more than halfway through, but it feels like a year’s worth of data privacy developments have already transpired—and there’s already more on the horizon. Join Osano’s Senior Privacy Program Manager Ashley Fowler and Red Clover Advisors’ Jodi Daniels for a webinar that’ll clarify the complexity of 2026’s privacy enforcement and compliance.
Events
Opted Out. Still Tracked. The Marketing & Consent Webinar Series
A three-part series exploring the practically universal problem of marketing data trackers continuing to fire even after consumer opt outs. Learn why 79% of websites have broken opt-outs in part one, “Your Consent Banner Is Lying to You” on July 16; how to fix broken opt-outs in part two, “A Blueprint for Simple, Compliant Data Collection” on July 23, and see how it all comes together in part three, “A Real-World Audit of Consent Gone Wrong/Right” on July 30.
Top Privacy Stories of the Week
SCOTUS Clears Texas to Enforce App-Store Age Verification Law
Recently, the Supreme Court declined to block enforcement of Texas's App Store Accountability Act while the state appeals a lower court decision striking it down. The law requires app stores—Apple and Google—to verify user ages, collect parental consent before minors can download apps, and create parental control tools. The justices let the law take effect without explanation, meaning app stores and developers serving Texas users needs age-assurance systems in place now.
Meta Discloses States Seek $1.4 Trillion in COPPA/Youth-Safety Penalties
In a court filing this week, Meta revealed that a coalition of state attorneys general is seeking approximately $1.4 trillion in civil penalties in connection with claims that Instagram and Facebook harmed minors in violation of COPPA and various state consumer protection laws. The figure—calculated by multiplying alleged per-violation penalties across billions of interactions—reflects the scale of coordinated state enforcement against social platforms and the potential liability companies face under state youth-safety laws.
Bankruptcy Judge Approves $46.75M 23andMe Breach Settlement
A federal bankruptcy judge approved a $46.75 million settlement resolving class action claims stemming from the 2023 23andMe data breach, which exposed genetic and ancestry data of nearly seven million customers. The settlement comes as 23andMe navigates bankruptcy proceedings after the breach and subsequent business collapse. Class members can receive compensation based on what personal data was exposed, with enhanced payments for those whose health predisposition data was compromised.
Reno Police Sued Over Thousands of Wrongful Arrests Tied to Facial Recognition
A federal lawsuit alleges that Reno police have made thousands of unlawful arrests based solely on facial recognition matches—without any corroborating evidence. The suit centers on Jason Killinger, who was arrested despite showing officers a Nevada ID proving he was not the person the system flagged. In a January 2026 deposition, the arresting officer admitted the arrest “never should have happened.” A judge has since allowed the City of Reno to be added to the suit, citing a complete absence of any departmental policy governing the technology’s use.
California’s CIPA Reform Clears Committee, But Businesses Shouldn’t Celebrate Yet
California’s SB 690—once heralded as the most significant overhaul of the California Invasion of Privacy Act in decades—passed the Assembly’s Privacy and Consumer Protection Committee on July 1, but in significantly narrowed form. The bill now heads to Appropriations, with the legislature’s August 31 adjournment as the deadline.
Like What You See in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
đź“– The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert
Arlo Gilbert
Arlo Gilbert is the CIO & co-founder of Osano. A native of Austin, Texas, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
