Skip to content

First-of-Its-Kind: Teen Privacy Law Passes in Arkansas

May 12, 2025

On April 22, 2025, Arkansas enacted the Arkansas Children and Teens’ Online Privacy Protection Act (HB 1717, Act 952), making it the first state to expand core federal children’s privacy protections to teens. The law, effective July 1, 2026, applies to for-profit websites, online services, apps, and mobile applications that are directed to children (under 13) or teens (ages 13-16), or that have actual knowledge they are collecting personal information from these groups.

The Act establishes a two-tiered framework: parental consent is required to collect personal information from children, while either the teen or their parent may consent in the case of users aged 13 to 16. Operators must also provide clear notice of their data practices, respect deletion and correction requests, and implement reasonable security measures. The statute broadly defines personal information to include not only contact details and identifiers, but also biometric data, geolocation, and any information linked or reasonably linkable to a child, teen, or parent.

The law prohibits targeted advertising to minors using their personal information and limits data collection to what is necessary for the specific service or transaction. Operators are not required to implement age verification, but are expected to comply where they have actual knowledge of a user’s age. Importantly, enforcement authority is vested exclusively in the Arkansas Attorney General; the law does not create a private right of action.

HB 1717 reflects growing state-level momentum to address youth privacy concerns amid the absence of federal privacy reform. Businesses that operate online platforms accessible to Arkansas users, particularly those relying on personalized advertising or handling sensitive data, should evaluate their compliance posture now to prepare for the law’s 2026 effective date.

Varnum’s Data Privacy Practice Team is available to help your organization assess its obligations under Arkansas’ new law, align with regulatory requirements, and develop a compliant data strategy.

Featured Authors

Featured Author

Bhashit (Sheek) Shah

Partner

Sheek advises clients on data privacy best practices and regulatory compliance. With experience in global privacy frameworks and laws including GDPR, CCPA and COPPA, he helps businesses build and implement compliance programs and manage data breaches.

Featured Author

Marisa K. McConnell

Associate

Marisa focuses on litigation and data privacy, with a focus on children’s privacy issues, regulatory and compliance challenges in the mobility sector, commercial business disputes and general litigation matters.

Sign up to be the first to access our leading legal insights.

The link you have selected will redirect you to a third-party website located on another server. We are offering the link for your convenience. Varnum has no responsibility for any external websites and makes no express or implied warranties about any external websites.

Please be aware that contacting us via e-mail does not create an attorney-client relationship between you and the firm. Do not send confidential information to the firm until you have spoken with one of our attorneys and receive authorization to send such materials.