直 Japanese PDF Font
  • Our Professionals
  • Our Work
  • Our Insights
  • Offices
  • Firm
  • Careers
Finnegan
  • Articles & Books
    • Ad Law Buzz Blog
    • At the PTAB Blog
    • European IP Blog
    • Federal Circuit IP Blog
    • INCONTESTABLE® Blog
    • Prosecution First Blog
  • Events & Webinars
  • IP Updates
  • Podcasts
    • AI + Finnegan
    • AI + Copyright
    • AI + Patent
    • AI + Privacy
    • AI + Trade Secrets
    • AI + Trademark
  • Unified Patent Court (UPC) Hub

Article

Data Privacy Enforcement in Texas Is Under Way—Is Your Business Ready?

June 30, 2025

By Lynn Parker Dupree; *Yaoyu Tang

  1. Escalated Enforcement Under TDPSA: Since the Texas Data Privacy and Security Act took effect in 2024, the Texas Attorney General has aggressively enforced a broad suite of privacy laws, targeting companies across industries with investigations, penalties, and long-term oversight.

  2. Widespread Business Impact: Enforcement actions have already affected over 100 companies, including automakers and tech startups, for alleged violations ranging from unauthorized data sales to deceptive marketing, signaling that no entity or industry is exempt from scrutiny.

  3. Urgent Compliance Imperative: Businesses collecting data from Texas residents must immediately audit data practices, update privacy policies, obtain proper consent, and implement robust opt-out mechanisms to mitigate legal and reputational risk.

Since the Texas Data Privacy and Security Act (TDPSA) took effect in 2024, privacy enforcement in the Lone Star State has escalated rapidly and aggressively. The Texas Attorney General’s office is now pursuing alleged violations with a level of intensity we haven’t seen before. The office launched a data privacy and security initiative designed to enforce the suite of Texas privacy laws, including the Data Privacy and Security Act, the Identity Theft Enforcement and Protection Act, the Data Broker Law, the Biometric Identifier Act, the Deceptive Trade Practices Act, as well as the federal Children’s Online Privacy Protection Act and the Health Insurance Portability Protection Act.[1] From social media platforms to insurers, automakers, and early-stage startups, businesses are facing sweeping investigations, crushing penalties, and long-term court oversight.

If you’re collecting data from Texas residents, even indirectly, you are now part of the risk landscape. This isn’t a warning. It’s already happening. So, ask yourself: is your business ready?

Who’s Already Been Hit?

  • Multiple car manufacturers are under a sweeping investigation for allegedly violating the Deceptive Trade Practices–Consumer Protection Act by secretly collecting and selling drivers’ data without consent.[2]
  • 100+ companies received warning letters for allegedly violating Texas’s new Data Broker Law by failing to register.[3]
  • Pieces Technologies, a Dallas AI healthcare firm, agreed to a first-of-its-kind settlement after allegedly promoting its products with false claims. It’s now under a strict five-year compliance order.[4]

The message couldn’t be clearer: enforcement is broad, aggressive, and expanding fast. No one is too big—or too small—to escape scrutiny. If your privacy practices aren’t airtight, you could be next.

What You Can Do Right Now

Audit Your Data Practices Now.

Know exactly what data you collect, how it’s stored, who can access it, and whether it’s being shared or sold.

Update Your Privacy Policies and Disclosures.

Regularly review and revise your privacy notices to ensure they accurately reflect how you collect, use, and share data.

Obtain Consent.

Ensure you obtain clear, informed, and affirmative consent from consumers when collecting sensitive data.

Effectively Manage Opt-Out Requests.

Implement robust systems and processes to honor consumer opt-outs. Ensure preferences are promptly respected and integrated into your data practices.

Endnotes

[1] Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans’ Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies, TEX. ATT’Y GEN., June 4, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-launches-data-privacy-and-security-initiative-protect-texans-sensitive.

[2] Attorney General Ken Paxton Opens Investigation into Car Manufacturers’ Collection and Sale of Drivers’ Data, TEX. ATT’Y GEN., June 6, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-opens-investigation-car-manufacturers-collection-and-sale-drivers-data.

[3] Attorney General Ken Paxton Notifies Over 100 Companies of their Apparent Failure to Comply with the Texas Data Broker Law that Protects Consumer Privacy, TEX. ATT’Y GEN., June 18, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-notifies-over-100-companies-their-apparent-failure-comply-texas-data.

[4] Attorney General Ken Paxton Reaches Settlement in First-of-its-Kind Healthcare Generative AI Investigation, TEX. ATT’Y GEN., Sept. 18, 2024, https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-reaches-settlement-first-its-kind-healthcare-generative-ai-investigation.

Tags

data assets, privacy policy

Related Practices

Diligence, Licensing, and Opinions

Privacy

Related Industries

AI, Electronics, and Information Technology

Artificial Intelligence (AI) and Machine Learning (ML)

Life Sciences

Transportation and Logistics

Automotive and Smart Mobility Tech

Related Offices

Washington, DC

Related Professionals

Lynn Parker Dupree
Partner
Washington, DC
+1 202 408 4462
Email

*Yaoyu Tang is a Summer Associate at Finnegan.

Copyright © Finnegan, Henderson, Farabow, Garrett & Dunner, LLP. This article is for informational purposes, is not intended to constitute legal advice, and may be considered advertising under applicable state laws. This article is only the opinion of the authors and is not attributable to Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, or the firm’s clients.

Related Insights

Articles

Enforcing Your Patent Rights at Sea: A UK Perspective

June 18, 2026

At the PTAB Blog

New Informative Decision Applies the USPTO’s U.S. Manufacturing and Small Business Use of AIA Proceedings Memo

June 18, 2026

Articles

The SECURE Data Act: A Federal Privacy Framework Moves Forward

June 16, 2026

Articles

The TAKE IT DOWN Act Is Now in Full Effect: What Platforms Need to Know

June 16, 2026

Articles

California Reaches Record $12.75 Million CCPA Settlement with General Motors Over Driver Data

June 4, 2026

Articles

Colorado Replaces Landmark AI Act: An Overview of the New SB 26-189 Framework

May 26, 2026

Articles

COPPA’s Amended Rule Is Now in Full Effect: What Operators Need to Know

May 15, 2026

Seminar

IP Strategy at the Crossroads: Technology, Enforcement, and Contracts

May 15, 2026

Taipei

Conference

International Trade Commission Litigation & Enforcement

May 4-5, 2026

Washington, DC

Due to international data regulations, we’ve updated our privacy policy. Click here to read our privacy policy in full.

  • Privacy
  • Disclaimer
  • Legal Notices
  • Fraud Alert
  • EEO Statement
  • Cookies
  • Contact Us

© 2026 Finnegan, Henderson, Farabow, Garrett & Dunner, LLP