Texas Age Verification / Parental Consent Requirements for App Stores Likely Constitutional, Fifth Circuit Holds
From Students Engaged in Advancing Texas v. Paxton, decided yesterday by the Fifth Circuit (Judges Jerry Smith and Andrew Oldham):
The Texas Legislature enacted Senate Bill 2420 …, the App Store Accountability Act, with bipartisan support to help parents direct and supervise children's downloads of apps and in-app purchases. The Act accomplishes those goals by requiring age verification; parental consent; and age rating and content display. {[The law] requires app stores to provide certain information in obtaining parental consent, referring to ratings and content … that are determined by the developer.}
The district court issued universal preliminary injunctions against SB2420 after applying strict scrutiny. The State of Texas seeks a stay pending appeal…. Texas has made a strong showing that it is likely to succeed on the merits of its claim that the district court committed several reversible errors.
First, the district court likely erred in applying strict scrutiny to significant parts, if not all, of the Act. At most, SB2420 regulates speech that "proposes a commercial transaction," which is subject to intermediate scrutiny under Central Hudson Gas & Electric Corp. v. Public Service Commission (1980). {SB2420 may not regulate speech at all, given that it does not target any substantive content but instead regulates commercial conduct with an incidental relationship to speech.}
App store transactions are commercial in nature. After all, users browsing an app store can see a catalog of applications, obtain additional information, and download or purchase an application.
App listings propose commercial transactions, regardless of whether any monetary payment is made. In fact, the "payment" for apps that are purportedly "free" is access to user data and private information. Any minor who downloads an app must accept its terms of service, including agreements about how the minor's data is used. Some terms require minors to waive the right to sue by agreeing to "arbitration pr[o]visions that no child can understand." Detailed user data, including that of minors, is the life-blood of the app store monetization ecosystem….
Second, … Texas has likely shown that the SB2420 survives intermediate scrutiny because the Act "advances important governmental interests unrelated to the suppression of free speech and does not burden substantially more speech than necessary to further those interests." Requiring age verification, parental consent, and app-related content ratings likely directly and materially advances Texas's substantial interest in protecting children's data, safety, and privacy in a digital world. Thus, there is likely a "reasonable fit" between SB2420's methods and goals allowing parents to direct and supervise children's downloads of apps and in-app purchases.
That some works protected by the First Amendment may be the object of app downloads or in-app purchases does not categorically exempt them from ordinary regulations governing commercial transactions. Otherwise, any company involved in proposing a commercial transaction could trigger strict scrutiny by incidentally including speech as part of the transaction….
Third, … SB2420's emergency-services exception {likely does not run afoul of constitutional concerns}. [It] is not likely content-based but, instead, focuses on why the service is needed, not what is being communicated. "[E]mergency calls serve the vital purpose of protecting the safety and welfare of Americans." Section 121.022(h)(1) directly addresses data and privacy concerns by requiring that the emergency services app "limit[ ] data collection to information" that is "collected in compliance with" the Children's Online Privacy Protect Act ("COPPA") and "necessary for the provision of emergency services." Users do not need to create an account to access and use the emergency service app….
We need not conclusively resolve the question of the other exception for an app that "is operated by or in partnership with" a regulated nonprofit organization that "develops, sponsors, or administers [ ] standardized test[s]." That standalone exception, which focuses on the identity of the speaker, does not necessarily reflect a content preference, but rather the reality that students often need to take tests "used for purposes of admission to or class placement in a postsecondary educational institution or a program within a postsecondary educational institution." The speaker-based distinction appears to be content-neutral, not content-based, in discriminating among ideas or viewpoints. And section 121.022(h)(2)(B) mitigates data-privacy concerns, requiring that the non-profit "is subject to" separate laws prohibiting certain uses of student information.
In any event, that limited standalone exception can be severed consistently with SB2420's strong severability provision and severability principles, because the remainder of SB2420 is "capable of functioning independently" and is "fully operative as a law." The district court likely erred in failing faithfully to apply the severability clause. {We do not suggest that there are any problematic provisions of SB2420 and merely follow the law's unambiguous textual severability command.}
{Insofar as there may be any unconstitutional application of SB2420, the district court failed to conduct a proper facial-invalidity analysis under Moody v. NetChoice (2024). Plaintiffs who bring facial challenges must demonstrate that "the ratio of unlawful-to-lawful applications is … lopsided enough to justify the strong medicine of facial invalidation." Put another way, Plaintiffs must show that "the law's unconstitutional applications substantially outweigh its constitutional ones" to prevail in "a facial suit [ ] based on the First Amendment." It is highly unlikely that Plaintiffs have met this "rigorous standard."} …
[And t]hough we express great skepticism that Plaintiffs are entitled to relief, any such relief, if warranted, would be an injunction limited to enforcement against the Students Engaged in Advancing Texas ("SEAT") plaintiffs and any identified members of the Computer & Communications Industry Association ("CCIA"). In any event, a blanket prohibition on SB2420's enforcement is likely inappropriate….
The need to protect children is intensified in the digital world, where app stores have violated existing consumer protection and child privacy laws for years, despite a federal consent decree. {See, e.g.,ROA.26-50001.849 ("The consequences are substantial. As documented in public reports, thousands of children have been sextorted, targeted with illegal drugs, contacted by traffickers, exposed to dangerous viral challenges, or encouraged toward self-harm by chatbots, often inside apps that app stores present as appropriate and safe for young teenagers.").} Absent SB2420, parents' ability to protect their children is imperiled because app stores have encouraged minors to download applications and make in-app purchases without giving parents accurate content information or obtaining their informed consent.
Any purported burden on app stores and developers is minimal because SB2420 requires only "commercially reasonable" verification methods and allows developers to use "widely adopted industry standards" in determining age ratings and those related to corresponding content. The balance of equities and public interest are clearcut in Texas's favor….
Judge Catharina Haynes concurred in granting a stay pending appeal, but otherwise did not join the court's opinion and did not further explain her views.