Skip to content

It looks like we may have content for your preferred language. Would you like to view this page in English?

By clicking on the Submit button below, you are downloading the Loeb contact's vCard.
Error with download

Hashed & Salted: Vol. 4, Issue 2

Client Alerts/Reports

Hashed & Salted | A Privacy and Data Security Update

Welcome to the kids’ privacy issue of Hashed & Salted. 

Kids’ and teens’ privacy and online safety have been the topics of headlines, research and regulation for a few years now. In the absence of any success in enacting any of the federal legislation proposed over the past few years, states have largely stepped into the space. Currently, 19 states have enacted comprehensive privacy legislation that addresses the use or collection of information from minors, while another 20 and counting have one or more laws aimed at protecting children and teens online in some way, whether from the collection and use of their data, targeted behavioral advertising, or the use or overuse of social media or adult-oriented websites.

The Federal Trade Commission (FTC) has also displayed an unwavering focus on children’s and teens’ privacy. While the reshuffling of the agency after the change in the administration has brought with it some uncertainty, recent developments—including the long-awaited publication of the latest amendments to the Children’s Online Privacy Protection Act (COPPA) Rule—suggest that the focus may not shift too dramatically. 

In our first article, “Children’s Online Privacy in 2025: The Amended COPPA Rule,” associate Chanda Marlowe explores the federal landscape, including the FTC’s recent updates to the COPPA Rule, enforcement actions and attempts to pass federal legislation. 

In our second article, “Children’s Online Privacy in 2025: State Legislative Action,” partner Nerissa Coyle McGinn explores the various ways that states are attempting to legislate online safety for children and teens. 

And in keeping with our kids’ privacy theme, we’re excited to have a special spotlight with Ariel Fox Johnson, principal and founder of Digital Smarts Law & Policy LLC. 

In This Newsletter: 

Children’s Online Privacy in 2025: The Amended COPPA Rule

As the dust settles following the presidential administration changes earlier this year, we’re still reading the tea leaves on what happens next as we anticipate what actions regulators and legislators intend to take to protect children and minors. Here is a recap of significant children’s privacy updates thus far in 2025, including the Federal Trade Commission finally publishing final amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, and our predictions about what’s to come. 

Read more here.

Children’s Online Privacy in 2025: State Legislative Action

While we wait to see what shift, if any, the change in leadership in Washington, D.C., will have on children’s privacy at the federal level, we’re certain that states will continue their legislative focus in this space, whether through general privacy laws or laws directed specifically at protecting children and teens. 

Read more here.

Spotlight on Ariel Fox Johnson, Principal & Founder, Digital Smarts Law & Policy LLC

How did you develop your area of focus?

Privacy wasn’t really a thing when I was in law school—I don’t remember any classes about it, although Harvard’s Berkman Center was focused on technology and internet law writ large. I was interested in media law and in education, and took classes in IP and technology law and the First Amendment (with the late, great Charles Fried). When I graduated, I did a fellowship at USC on communications law and policy, focusing on how technology was upending markets, revenue streams for rights holders, the future of journalism, and what role the FTC could and should play. And I happened to be in the right place at the right time, because the FTC was also beginning its first major COPPA update. The big concern then was mobile phones. I think I read every single COPPA comment back in 2010—probably not something that is possible nowadays! I fell into kids’ privacy and fell in love with it at the same time—how to legally approach technological upheaval to society, the application of old (square) laws to new (round) situations, and how to protect vulnerable populations: kids and students. Their brains are wired differently than adults’ brains are.

I spent a number of years at Common Sense Media and embraced kids’ tech policy full time—often trying to improve privacy protections for kids. After having a hand in successfully passing numerous state privacy laws, from the California Consumer Privacy Act to student privacy protections—sadly, no federal ones—I went in-house, leading Zoom’s youth and education privacy work and seeing how those laws looked from the business perspective. I love privacy law because there are no easy answers and because it keeps changing—the legislation, the technology and increasingly the case law too. There is always something new to learn.

With respect to kids’ tech privacy issues, what’s on your radar? What issues are you watching most closely now?

Kids’ privacy may have been supplanted by online safety as the new hot topic. While there are still a bunch of privacy bills to track, there seem to be at least as many that seek to improve product design, or keep kids off social media or adult websites, or limit digital addiction, or all of the above. In the privacy-specific space, I’m most closely watching moves from opt-in/opt-out to flat-out bans on problematic practices like targeted behavioral advertising, or more stringent data minimization requirements. Maryland and New York passed protections in these areas last year. I’m also watching age-appropriate design codes—many of which require privacy by default—and how those are faring with court challenges. 

One question with any kids’ privacy law is, how are you going to scope the law? As it becomes the norm to include teenagers, questions about which sites will have to comply and how sites should distinguish adults from 17-year-olds can become increasingly complicated. Do sites need to have actual knowledge, or is constructive knowledge sufficient? Do you look at whether sites are actively targeted to youth? Audience metrics or advertisers? Will some type of age assurance be required? 

It can be instructive to see what international regulators are requiring on all of these issues, as many of them have moved first. I’m watching whether we will see continued importing of proposals from the U.K., the EU and elsewhere to the U.S. We’ve seen this with everything from the age-appropriate design code to the GDPR over the last decade. But lately there appear to be concerns about this, including reports that the U.S. federal government is questioning U.K. proposals like the Online Safety Code and U.S. judges are questioning the merit of lawmakers using models from places without the First Amendment.

Also, like the rest of the kids’ privacy world, I’m watching what will happen to the FTC’s January 2025 COPPA Rule, which was never published in the Federal Register. Among other things, I think it did some really nice and helpful—for children and businesses—work on detailing rules and responsibilities in the ed tech space.

What are your thoughts on the recent legislative approaches to protecting kids’ privacy? What’s working well, and what needs improvement?

I have long been a proponent of bipartisan efforts to update COPPA. I think teens need to be protected, and Congress needs to do that. I also appreciate that COPPA has offered flexibility for the FTC to update its rules to address new technology. This has allowed COPPA to remain useful, even more than 25 years after the law was passed. In general, we need to continue to move past laws grounded in notice and consent—especially in the ed tech space. The fiction of notice and consent becomes fantasy when we move into schools. Kids need strong default privacy protections that are built in from the ground up. 

When privacy moves into related issues like online safety, I think it is important to focus on issues like product features and design and not turn this into content battles.

Do you believe the state of kids’ privacy has improved since the onslaught of kids’ privacy legislation over the past few years?

Tough question! I want to believe it has. I certainly think teens’ privacy has improved—teens, outside of school, didn’t really have any additional protections before CCPA. And now it’s becoming more of the norm to protect teens not just up to 16 but to 17 or 18. Also, I think the strong general consumer privacy laws passed in some states improve everyone’s privacy, including children and teens. In addition, international efforts like the U.K. age-appropriate design code changed business practices internationally, including in the U.S. Companies being more aware of privacy because of laws at the state and international levels, or because of active enforcers, or because of increased concern from parents, and building in privacy by design—all of that makes for an improvement. 

At the same time, technology keeps changing. And AI is bringing huge shifts to how companies want to collect and use information and to consumers’— especially young consumers’— capacity to understand such uses. So it remains incumbent on all of us—policymakers, businesses and parents—to keep pushing forward.

Events Spotlight

  • Jessica Lee, Loeb’s chief privacy and security partner and chair of the firm’s Privacy, Security & Data Innovations practice, ran the “Critical Privacy Concepts in Advertising, Sales and Marketing Technology” workshop on April 22 at the IAPP Global Privacy Summit 2025 in Washington, D.C. 
  • Jessica Lee also presented “Privacy Law Considerations for Social Media and Mobile Apps” on April 17 at PLI’s Social Media and Mobile Devices 2025: Addressing Corporate Risks conference. 
  • In her role as Loeb’s chief privacy and security partner, Jessica Lee presented “Choosing the Right LLM Data Optimization in Legal Practices” on March 25 at LegalWeek NYC. 

In Case You Missed It

Moving Generative AI from Experimentation to Operation | Loeb & Loeb LLP

Technology & Sourcing partner Akiba Stern is featured throughout a Harvard Business Review article exploring the evolving landscape of generative artificial intelligence implementation—highlighting practical strategies, new and developing applications, and key considerations for successful deployment, with a focus on the importance of robust data governance frameworks.

Loeb Partners Kenneth Adler and Jessica Lee Named Among Lawdragon’s “100 Leading AI & Legal Tech Advisors” for 2025 | Loeb & Loeb LLP

Kenneth Adler, chair of the firm’s Technology & Sourcing practice, and Jessica Lee, Loeb’s chief privacy and security partner and chair of the firm’s Privacy, Security & Data Innovations practice, have been named to Lawdragon’s “100 Leading AI & Legal Tech Advisors” list for 2025. Now in its second edition, this guide represents “a collection of the finest minds in law and AI” who have been adept at integrating technology and artificial intelligence to optimize their advice and delivery of legal services.   

Contributions, Achievements and Observations of Outstanding Female Professionals – Women to Watch Part IV | Loeb & Loeb LLP

Jessica Lee, Loeb’s chief privacy and security partner and chair of the firm’s Privacy, Security & Data Innovations practice, is featured in ION Analytics’ seven-part series for International Women’s Day, discussing the expanding role of artificial intelligence in privacy and cybersecurity compliance.

Navigating Privacy and AI Under the Trump Administration: A Q&A with Privacy Expert, Jessica Lee | Loeb & Loeb LLP

Jessica Lee, Loeb’s chief privacy and security partner and chair of the firm’s Privacy, Security & Data Innovations practice, is featured in an AdMonsters Q&A article discussing the potential impact of President Donald Trump’s administration on consumer data privacy and artificial intelligence (AI) regulation. She outlines anticipated shifts in the FTC’s priorities, the growing complexity of state-level privacy and AI laws, and the administration’s expected emphasis on fostering innovation and reducing regulatory barriers.

Featured Loeb Quick Takes

Sign up for our Hashed & Salted newsletter by creating an account and selecting Privacy, Security & Data Innovation as your area of interest here.

Services associés

Professionnels associés

Regarde aussi

© 2025 Loeb & Loeb LLP
This Web site may constitute “Attorney Advertising” under the New York Rules of Professional Conduct and under the law of other jurisdictions. Your use of our Web site or its facilities constitutes your acceptance of the Terms of Use and Privacy Policy.