On December 18, 2025, Tennessee Attorney General Jonathan Skrmetti filed a civil lawsuit against online gaming giant Roblox Corporation, alleging that the platform has misled parents and exposed children to unsafe conditions while claiming it prioritizes safety. The action, brought under the Tennessee Consumer Protection Act (TCPA), underscores a widening movement among state attorneys general and privacy advocates to hold technology companies accountable when they fail to protect children’s privacy and safety online.
The complaint accuses Roblox of inviting children into a digital world with promises of creativity and play while allegedly allowing predators easier access to minors and reducing oversight and safety resources because of cost-cutting choices. “Roblox is the digital equivalent of a creepy cargo van lingering at the edge of a playground,” AG Skrmetti said in announcing the suit, asserting that the company has placed profits above child safety. }
Details of the Tennessee Lawsuit
The lawsuit charges that Roblox has misrepresented the safety of its platform and failed to implement adequate safeguards against known risks to children. The Tennessee AG’s office, joined by strategic litigation counsel, is seeking injunctive relief, attorney fees, civil penalties, and other remedies authorized under state law. The suit depicts a platform that has had “nearly 20 years to fix obvious safety flaws” yet allegedly chose to maintain practices that leave children vulnerable.
The legal action reflects growing concern among regulators that some popular digital platforms marketed to children may not be implementing basic protections, including proper moderation, parental controls, and transparent disclosures about risk. The case bandies terms like “dangerous” and “inadequate safeguards,” highlighting both safety and deceptive practice claims.
State Attorneys General Leading the Charge on Children’s Privacy Enforcement
Tennessee’s lawsuit is part of a broader pattern of enforcement and legislative action across the United States focused on children’s privacy and online safety. State AGs have increasingly used existing consumer protection, privacy, and children’s data laws to pursue companies that mishandle minors’ information or mislead families about risks.
For example, the Michigan Attorney General filed a lawsuit against Roku earlier in 2025, alleging that the streaming platform systematically collected, processed and disclosed personal information of children without required parental consent under the Children’s Online Privacy Protection Act (COPPA) and state law. The complaint claims Roku allowed third-party tracking and detailed data collection of children’s locations, browsing history and more — triggering both privacy and consumer protection concerns.
Similar enforcement efforts have been reported in other states. Florida authorities followed Michigan’s lead with litigation alleging Roku and similar platforms willfully collected and sold children’s personal data, including sensitive geolocation information, without proper notice or consent.
At the national level, the Federal Trade Commission (FTC) has also stepped up enforcement of COPPA and related children’s privacy safeguards, securing significant settlements with major technology firms — including multimillion-dollar actions against entertainment and technology companies that failed to implement appropriate protections. These actions send a clear message that children’s privacy is a regulatory priority and that enforcement is intensifying.
State Law Responses and Legislative Action
Around the country, state legislatures have enacted or are enforcing laws designed to protect minors online. Tennessee’s Protecting Kids from Social Media Act requires social media platforms to verify age and obtain parental consent before allowing minors under 18 to create accounts, as well as enabling parents to supervise and control account settings. This law took effect on January 1, 2025 and has faced legal challenges from industry groups.
Other states, such as New York, have implemented comprehensive child data protection laws that restrict collection, use and sharing of personal data from users under 18 without consent and require clear safeguards and transparency. Guidance from New York’s AG clarifies enforcement priorities under these frameworks and how companies should comply.
Across the U.S., state attorneys general have also rallied behind broader efforts to combat online harms to children. In August 2025, a bipartisan coalition of 44 state AGs issued a strongly worded letter to major artificial intelligence firms — including Meta, Google, Apple, Microsoft and OpenAI — warning that if they fail to implement robust safeguards and knowingly expose children to harm via AI and digital services, they will face legal action under applicable state laws.
Privacy Experts Emphasize the Stakes
Privacy scholars and advocates note that children’s data and experiences online merit special legal and policy treatment because minors may lack the capacity to fully understand or consent to complex data practices. Comprehensive enforcement actions by state AGs — including lawsuits and legislative defense briefs — highlight the imperative to align corporate practices with both the statutory text and the broader public interest in protecting young people.
Industry responses to these enforcement efforts vary, with some companies contesting allegations or pointing to existing compliance practices, while privacy experts encourage proactive measures such as rigorous age verification, robust parental controls, clear data minimization strategies, and third-party auditing of child-facing systems. The aim is to ensure children’s privacy rights are respected in an era of pervasive digital services and data collection.
Children’s Privacy Enforcement Trends
- Tennessee AG filed a high-profile lawsuit against Roblox for allegedly misrepresenting safety and failing to protect minors.
- Michigan and Florida AGs have sued Roku for alleged privacy violations involving children’s personal data.
- State laws like Tennessee’s Social Media Act and New York’s Child Data Protection Act impose stricter requirements on platforms.
- Federal COPPA enforcement remains active, with FTC settlements signaling ongoing priority on children’s data.
- Coalitions of state AGs are demanding tech firms take stronger steps to guard children against online harms, including data misuse and AI-related risks.
Tennessee Privacy Laws For Children
Tennessee’s lawsuit against Roblox reflects a broader enforcement landscape in which state attorneys general and privacy regulators are increasingly willing to challenge companies over failures to protect children’s privacy and safety online. As digital platforms evolve and collect more data from younger users, the interplay between consumer protection, privacy law and emerging legislative frameworks creates powerful incentives for companies to build stronger safeguards. For parents, educators, and technology companies alike, the message is clear: protecting children’s rights online is both a legal obligation and a societal imperative backed by persistent enforcement action.
