State Privacy Law Tracker: Arkansas

Arkansas Data Privacy Law

In recent years, state legislatures have been keeping busy passing privacy-related legislation aimed at certain industries or services. In addition, several states have privacy clauses in their state constitutions that offer residents more rights than the U.S. Constitution. 

Arkansas is one of a shrinking number of states that do not currently have a comprehensive data privacy law in effect or introduced in the state legislature this year.

The lives of consumers are increasingly reliant on social networking, mobile technology, and e-commerce websites. They facilitate information availability for consumers and speed up and simplify shopping and transactions. Computer networks are being extended to common objects through smart speakers, intelligent personal assistants, and other connected devices.

Arkansas’ New Social Media Law

In April 2023, Arkansas followed Utah in signing legislation that restricts social media usage for minors. In March 2023, Utah became the first US state to require social media firms to receive parental consent for children to use their apps and to verify that users are at least 18 years old. 

Interestingly, the passage of the Utah social media bill coincided with a searing congressional hearing for TikTok CEO Shou Zi Chew.

Arkansas’ privacy law Senate Bill 66 provides protection for minors using social media apps. 

The Arkansas state privacy act requires social media sites like Facebook and Twitter to confirm the ages of young Arkansans signing up for accounts.

According to the legislation, anyone under the age of 18 must have a parent or guardian’s written permission before they can create an online profile.

The bill’s sponsor, Sen. Tyler Dees of Siloam Springs, claimed in testimony before the Arkansas Senate on Thursday morning that reasonable age verification would enable parents to protect their children from potentially harmful users and inappropriate content on social media.

Similar legislation has been proposed around the nation, and Utah just approved a groundbreaking law requiring social media age verification. When the Arkansas law goes into effect on September 1 (the Utah law goes into effect next year, but legal challenges are expected), it will be the first to be put into practice.

The Arkansas social media law would only cover individuals that create new accounts after Sept. 1, 2023.

Key Takeaways of the Law

Arkansas’ new social media law aims to clamp down on kids’ access to online sites. The law requires Arkansans under 18 years old to get parental permission before creating a new social media account.

Companies that run social media platforms and generate at least $100 million in yearly revenue will be subject to the Act. According to the Act, a “social media company” is an online community where users can:

  • create accounts primarily for social interaction with other accounts
  • submit content
  • see other users’ postings or content
  • communicate with other users. 


Social media companies could be civilly and criminally liable if they knowingly fail to perform reasonable age verification.

The Act establishes a private right of action to recover a penalty of $2,500 per infraction, in addition to fines and damages mandated by a court, and allows for enforcement by the Arkansas Attorney General.

Social media companies and third-party vendors must not retain any identifying information gathered during the age verification process once access to the platform has been granted.


The new law covers the major social media companies, such as Meta, which owns Facebook and Instagram, TikTok, Twitter, Snapchat, and other platforms.

It is written in a way that disallows the use of platforms that generate less than $100,000,000 in gross annual revenue, including platforms like YouTube, LinkedIn, online video games, email and instant messaging services, streaming websites, and e-commerce.

The definition of “social media company” expressly excludes the following internet industries: gaming, subscription-only services, cloud computing, business networking, and organizations that get less than 25% of their revenue from running social media platforms. 

Other Arkansas Privacy Laws

Arkansas Biometric Privacy Law

According to Arkansas law, organizations and people who purchase, own, or license personally identifiable information (PI), including biometric data, are obligated to establish and maintain reasonable and appropriate security procedures to guard the data against unlawful access or disclosure. Businesses and individuals must now notify impacted customers and, if the incident affects more than 1,000 people, must notify the attorney general as well.

Sign up for our Data Privacy Tracker with monthly updates on the latest news and developments

Skip to content