Late last week brought some state-level laws.
Arkansas signed into law the Social Media Safety Act that takes effect in September, aimed at giving parents more control over their kids’ social media usage. The bill imposes a minimum age for social media usage. Yet, it also appeared to contain vast loopholes and exemptions benefiting companies that lobbied on the bill and raising questions about how much of the industry it truly covers. Utah passed a similar law last month.
Montana is moving forward with trying to pass a bill banning TikTok that was introduced in February, and the State Senate approved it last month, and the state House passed it last week. The states aren’t unaware of the issue — Montana’s attorney general, Austin Knudsen, whose office drafted the bill, acknowledged that enacting a state TikTok ban would be difficult.
“We’re under no illusions that this is not going to get challenged,” he said in an interview. “I think this is the next frontier in First Amendment jurisprudence that’s probably going to have to come from the U.S. Supreme Court. And I think that’s probably where this is headed.”
Meanwhile, in laws that will be enforceable, Europe’s national privacy group, the European Data Protection Board, has set up a task force over ChatGPT.
Why do we care?
The US’s lack of federal privacy regulations is starting to show its problematic side. Why we care is that a patchwork of poorly written state laws is far worse than even a badly written single federal one. For providers, that creates a patchwork of difficult-to-track data management laws that will be more challenging.
Versus the Europeans, who have leaned into being organized. A tale of two legal precedents to track.

