Ken Paxton’s Privacy Crackdown Is Reshaping Corporate Compliance in Texas

For years, state privacy enforcement in the United States was often discussed as though California would be the unquestioned center of gravity.

That assumption no longer holds.

If California built the rulebook, Texas is increasingly becoming the state most willing to weaponize enforcement.

Attorney General Ken Paxton has quietly assembled one of the most aggressive state-level privacy and consumer data enforcement campaigns in the country, targeting everything from smart televisions and automotive telematics to children’s apps, facial recognition, AI-related surveillance, and large-scale consumer profiling.

His latest action against LG makes one thing clear: Texas is no longer merely participating in privacy regulation. It is attempting to define it.

LG Settlement: Privacy Inside the Living Room

The latest move centers on smart televisions, one of the most overlooked surveillance surfaces in the modern home.

Texas secured a settlement with LG over allegations involving Automated Content Recognition, or ACR, the controversial tracking technology embedded in many connected televisions.

For consumers unfamiliar with ACR, the technology functions as a passive observation layer. It can monitor what appears on a television screen, match viewed content against databases, and generate detailed viewing profiles for advertising, analytics, and behavioral monetization.

In practical terms, that means a television can become a data collection endpoint sitting inside a private residence.

Texas alleged that LG collected viewing data without sufficiently informed consumer consent.

Under the settlement, LG must:

  • Stop collecting viewing data through ACR without informed consent
  • Push smart TV software updates that present clear disclosure pop-ups
  • Create simplified opt-out mechanisms
  • Expand disclosure obligations on its website
  • Restrict certain categories of viewing data transfers

The political messaging was unmistakable. Paxton framed the issue not simply as consumer privacy, but as surveillance risk within Texans’ homes.

That framing matters because it expands privacy enforcement beyond technical compliance and into sovereignty, household autonomy, and geopolitical risk narratives.

This Was Not an Isolated Action

The LG matter is part of a broader enforcement campaign focused on connected television surveillance.

Texas previously secured a similar settlement with Samsung over smart television data collection practices.

Meanwhile, litigation remains active against Sony, Hisense, and TCL.

This suggests a deliberate market-wide enforcement theory rather than a one-off action against a single company.

The message to connected device manufacturers is straightforward: privacy disclosures buried in onboarding flows or bundled consent mechanics may no longer survive Texas scrutiny.

The GM Telematics Case Changed the Stakes

If smart televisions raised privacy concerns inside the home, Texas’ action against General Motors moved the fight into vehicles.

Texas sued General Motors over allegations that the company collected and monetized sensitive driving data without adequate consumer awareness.

The allegations centered around telematics data, including driving behavior, location intelligence, and vehicle-generated behavioral signals.

The legal theory was powerful because it challenged a foundational assumption in connected mobility: that buried disclosures and enrollment mechanisms are enough to justify large-scale behavioral monetization.

Modern vehicles increasingly operate like mobile data centers.

Texas is making clear that this transformation carries enforcement consequences.

Google’s Historic Biometric Settlement

One of Paxton’s most financially significant privacy victories came in biometric enforcement.

Texas extracted a $1.4 billion settlement from Google over allegations involving unlawful biometric and location tracking practices.

The claims involved facial geometry data, geolocation collection, and private search behavior.

That case demonstrated that Texas was willing to pursue privacy enforcement not merely as injunctive compliance reform, but as a major monetary deterrence mechanism.

For compliance teams, that changed the calculus immediately.

Texas was no longer viewed as merely issuing warnings.

Meta and Facial Recognition Enforcement

Before Google, Texas secured another landmark result against Meta.

The state obtained a $1.4 billion settlement tied to allegations involving unauthorized biometric data collection through facial recognition technologies.

That litigation reinforced Texas’ willingness to aggressively use biometric privacy statutes in ways rivaling or exceeding Illinois’ historically aggressive biometric enforcement environment.

The implications extend well beyond social media.

Any business using facial recognition, identity verification tools, biometric authentication, behavioral profiling, or AI-enhanced recognition technologies should view Texas as a major enforcement jurisdiction.

Children’s Privacy Is Becoming a Major Front

Texas has increasingly focused enforcement attention on minors’ data.

The Attorney General recently sued Netflix over allegations involving unlawful collection of children’s data.

This follows broader national pressure around youth privacy, algorithmic targeting, app design, and platform accountability.

For product teams, this is especially important because child-focused privacy enforcement often expands beyond straightforward disclosure questions into design practices, profiling restrictions, retention questions, and default settings.

That creates meaningful exposure for streaming platforms, gaming ecosystems, edtech providers, creator products, and social applications.

Data Brokerage and Consumer Surveillance

Texas enforcement has also reflected growing skepticism toward data brokerage and large-scale consumer surveillance models.

That skepticism aligns with broader national political momentum around limiting invisible consumer profiling.

The legal framing increasingly focuses on whether consumers genuinely understood what was being collected, who received the data, and how monetization occurred.

That matters because many traditional digital advertising and analytics assumptions were built around expansive disclosure language rather than truly informed consent.

Cybersecurity Enforcement Is Quietly Embedded in the Privacy Push

Although many Paxton actions are framed publicly as privacy cases, cybersecurity obligations sit just beneath the surface.

Privacy enforcement increasingly overlaps with cybersecurity when regulators ask:

  • How was the data collected?
  • Was access properly controlled?
  • Was retention justified?
  • Who received downstream access?
  • Were security safeguards sufficient?
  • Could foreign actors gain access?

This is especially visible in cases involving connected devices, vehicles, cloud services, and large-scale behavioral analytics.

The practical reality is that privacy compliance now often requires defensible cybersecurity architecture.

Why Texas Enforcement Feels Different

California’s privacy ecosystem often emphasizes regulatory interpretation, administrative rulemaking, consent design, and compliance frameworks.

Texas enforcement feels structurally different.

The posture is more prosecutorial.

The messaging is sharper.

The political framing often blends privacy, child safety, anti-surveillance themes, and national security concerns.

And critically, the targets are not limited to obvious privacy companies.

Automakers, television manufacturers, AI-enabled businesses, social media companies, streaming services, and hardware manufacturers are all now squarely within scope.

What Businesses Should Do Now

Companies with Texas consumer exposure should assume enforcement expectations are rising.

Priority areas include:

  • Consent architecture reviews
  • Connected device telemetry audits
  • ACR and behavioral monitoring disclosures
  • Biometric data inventory mapping
  • Children’s privacy risk assessments
  • Third-party data sharing governance
  • Vendor contract reviews
  • Cross-border data transfer analysis
  • Retention minimization
  • Consumer rights workflow readiness

Privacy notices alone will not be enough where operational behavior contradicts consumer expectations.

The Bigger Trend

Texas is building a distinct privacy enforcement identity.

It is less focused on privacy as abstract governance theory and more focused on privacy as an enforcement weapon against surveillance, opaque monetization, and perceived consumer deception.

That shift should get the attention of boards, general counsel, privacy officers, and product executives alike.

Because the question is no longer whether Texas will enforce privacy law aggressively.

It already is.
