惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

Future of Privacy Forum

Navigating Cross-Border Data Transfers in the ASEAN Region: An Analysis of Developments from 2023 to 2026 FPF Submits Comments to Inform California Children’s Social Media Protections Rulemaking Process Mandating “Evidence-Based” Suicide Detection in Chatbots Data Brokers & Beyond: Navigating New Jersey’s Data Broker & “Data Collector” Registration Law - Future of Privacy Forum FPF Hosts Frontiers Workshop on Privacy, AI, and Emerging Infrastructure FPF’s 2026 DC Privacy Forum: Leading Voices in AI, Privacy and Emerging Technology Understanding Data Embassies and Corridors Perseverance Pays Off for Vermont Privacy Efforts Future of Privacy Forum Announces 2026 Career Achievement Award Recipients - Future of Privacy Forum Future of Privacy Forum Releases Comprehensive Report On Algorithmic Personalization in Youth Online Experiences Frontier AI Goes Federal: How the Great American AI Act Compares to State Laws Privacy Becomes You, Bayou State: A Look at the Louisiana Data Privacy Act No Silver Bullet, But a Silver Lining? PETs and International Data Transfers Career Choice in the AI Age: What Next for Privacy and Data Professionals? FPF Releases Practitioner Guides on Privacy Enhancing Technologies for Education Stakeholders SB 5 in Five: What to Know About Connecticut’s New AI Law Third Time’s the Charm: Connecticut Enacts Annual Privacy Update - Future of Privacy Forum Colorado Revises Its AI Act: What Changed and Why The EU Commission’s Approach to Age Verification: Mobile Apps, DSA Enforcement, and Challenging National Social Media Bans Taking stock: The Impact of the India AI Impact Summit 2026 The New(ish) Architecture of Consumer Health and Artificial Intelligence Celebrating Another Year of Privacy and AI Governance: FPF at the 2026 IAPP Global Summit - Future of Privacy Forum Adapting the Privacy Profession to Changing Times More Parties, More Risks, More Opportunity? Evolving Governance to Support Cyber Resilience Amidst Evolving Policy and Technological Change Contextualizing the Proposed SECURE Data Act in the State Privacy Landscape FPF on the Securing and Establishing Consumer Uniform Rights and Enforcement Over Data ("SECURE Data") Act The Alabama Personal Data Protection Act Brings Consumer Privacy to the Heart of Dixie The Price is Right: Responsible Uses of Personal Data in Pricing Red Lines under the EU AI Act: Restricting Real-time Remote Biometric Identification Systems for Law Enforcement Purposes The Rest of the West: Oregon and Washington Build on California Chatbot Law Red Lines under the EU AI Act: Understanding the prohibition of biometric categorization for certain sensitive characteristics 2026 Chatbot Legislation Tracker Red Lines under EU AI Act: Unpacking the prohibition of emotion recognition in the workplace and education institutions Privacy Protections Coming Sooner Rather Than Later to the Sooner State Navigating Autonomy and Privacy in Emerging AgeTech: Insights from the FPF Roundtable Incentives or Obligations? The U.S. Regulatory Approach to Voluntary AI Governance Standards Red Lines under the EU AI Act: Understanding the ban of the untargeted scraping of facial images and facial recognition databases
Comparing Enacted App Store Accountability Acts - Future of Privacy Forum
Daniel Hales · 2026-06-04 · via Future of Privacy Forum

Policy Counsel for U.S. Legislation

On May 28, 2026, the 5th Circuit granted a stay on the preliminary injunction blocking enforcement of Texas’s App Store Accountability Act (ASAA)—meaning the law is now in effect while litigation on the merits continues. In 2025, Utah, Texas, and Louisiana enacted App Store Accountability Acts (ASAAs) which impose novel and significant age assurance obligations on app store providers and app developers. These laws require account holder age verification and parental consent for minors at the app store level, with age band and consent data transmitted between the two parties via bespoke “age signals.” Texas’s law was the first scheduled to go into effect on January 1, 2026. Before the law took effect, however, two groups filed suit challenging its constitutionality on First Amendment grounds. In December 2025, a federal judge issued a preliminary injunction blocking the law, finding it more likely than not an unconstitutional content-based regulation. Attorney General Paxton quickly appealed this decision to the 5th Circuit seeking a stay on the injunction, which was subsequently granted last week. 

The uncertain constitutional outlook of ASAAs puts compliance teams in a difficult position. Moving slowly risks liability if the laws survive legal challenge; moving quickly risks sunken compliance costs if ASAAs are ultimately struck down—costs that could have otherwise been diverted to other important trust and safety priorities. While Utah’s, Texas’s, and Louisiana’s laws impose broadly similar obligations on app store providers and developers, important distinctions will shape how companies ultimately achieve compliance. Amendments to Utah’s and Louisiana’s laws in 2026 further shape the developing obligations in each state. FPF created a comparison chart detailing the key terms, scope, and core obligations of these laws, including changes incorporated by 2026 amendments. The chart also includes an Appendix detailing current information about Developer APIs released publicly by app stores to aid developers as these requirements go into effect. 

Key takeaways from this resource include:

  • Scope: These laws apply broadly to apps publicly available to consumers for download in an app store with very narrow exceptions, such as for settings apps or essential device drivers, and no wholesale exemptions from application. Uniquely, Louisiana also applies to apps that are available for download from an app store onto connected devices.
  • Obligations: These laws require app store providers to implement age verification and obtain parental consent for minor account holders making purchases, downloads, in-app transactions, or significant account changes. Utah and Louisiana extend this requirement to a minor’s first-time access to many pre-loaded apps. Developers must request and receive age signals from app stores, use that data to manage minor access, and implement appropriate safety features. Utah and Louisiana add notable nuances for developers, such as allowing them to request that app stores block minor access to their apps entirely, or permitting reliance on a primary account holder’s age data for “family account apps.”
  • Enforcement: Private rights of action (PRAs) are a trending enforcement mechanism in ASAA models. While Utah relies solely on a PRA for enforcement, Texas’s law only allows a PRA through incorporated references to the Deceptive Trade Practices Act (DTPA). Louisiana is the only law that  does not include a PRA.

The ASAA trend has continued into 2026 with Alabama enacting a new ASAA law back in February. Alabama’s law largely tracks with the ASAA models in Utah and Louisiana following their 2026 amendments. As ASAA legislation and litigation continues to develop, the 5th Circuit’s stay on injunction means that compliance teams must figure out how to navigate this growing thicket of app store age signals and online safety requirements in the meantime.