Texas Targets Big Tech With Wave of Suits and Investigations, Part of Nationwide Trend

Texas Attorney General (AG) Ken Paxton has embarked on an aggressive campaign of regulation through enforcement against some of the world’s largest technology companies.

Over a span of days in May 2026, AG Paxton filed suit against Netflix for alleged violations of the Texas Deceptive Trade Practices Act (DTPA); launched an investigation into Meta’s AI-powered smart glasses; sued Meta and WhatsApp over alleged deception under the DTPA; and sued the messaging app Discord under the DTPA for allegedly deceiving parents and exposing children to predators.

Armed with long-standing laws that protect children and consumers, new statutes aimed specifically at AI and privacy, and the resources of a major state justice department, the Texas AG has become a leading litigant against technology companies.

AG Paxton’s moves come as plaintiffs and federal and state regulators across the country have intensified their scrutiny of similar corporations for a variety of alleged harms.

While regulators and plaintiffs are investigating and suing for different reasons, many of the lawsuits fit an emerging pattern: claims focus on the protection of children or privacy, allege defective designs of technology products, and seek both alterations to consumer-facing products and per-violation damages—which could total hundreds of millions of dollars.

The pace and breadth of legal action against technology companies, including by Texas, poses an increasingly complex legal and compliance environment for technology companies with ramifications for the broader sector, downstream deployers, and investors alike.

A Pattern of Pursuit

In the complaints, AG Paxton—now the Republican nominee for the U.S. Senate—alleges that the technology companies committed a range of illegal acts. For example, on May 11, Texas accused Netflix of violating the DTPA by spying on children and other consumers by collecting their data without consent and designing its platform with “dark patterns”—“subtle features engineered to manipulate users to take the actions Netflix wants them to take”—to addict users. Texas’ Deceptive and Trade Practices Act prohibits “[f]alse, misleading, or deceptive acts or practices in the conduct of any trade or commerce.”

On May 20, AG Paxton announced an investigation into Meta’s AI Glasses, which can record audio and video through a small camera mounted in the frames. Texas alleges, among other claims, that a Kenyan subcontractor can access consumers’ private information—despite Meta’s claims the glasses are “designed for privacy.” AG Paxton issued Meta a civil investigatory demand to “investigate and determine whether Meta deceptively misrepresents the extent of its use of private data from consumers in violation of Texas law.”

The next day, Texas sued Meta and WhatsApp for allegedly failing to disclose that Meta can access users’ private communications on WhatsApp. Even though they tell users that their messages are private, defendants “have access to virtually all of WhatsApp users’ purportedly ‘private’ communications,” the suit alleges. The suit, brought under the DTPA, seeks civil penalties and injunctive relief barring defendants “from accessing the content of any Texan’s WhatsApp communications absent their consent.”

And on May 22, Texas filed suit against the messaging app Discord, claiming that Discord’s product decisions “make it easy for bad actors to locate vulnerable users, build trust quickly, and operate out of the public view.” The suit further alleges that the app by design defaults every account setting toward maximum exposure to users, that the platform staffs safety functions with unpaid volunteers, and that Discord built a platform architecture that is “a hunting ground to find, manipulate, and sextort our most vulnerable.” 

The suit seeks an injunction requiring Discord to default all safety settings to maximum protection for new accounts, implement age verification pursuant to Texas's Securing Children Online through Parental Empowerment (SCOPE) Act of 2023, a return of revenue derived from allegedly unlawful conduct, civil penalties of up to $10,000 per violation of the DTPA, and attorneys’ fees and costs. The SCOPE Act prohibits digital service providers from sharing, disclosing, or selling a minor’s personal identifying information without permission from the child’s parent or legal guardian and requires giving parents tools to manage a child’s account.

Past is Prologue

These developments build on a foundation of Texas’ prior enforcement efforts.

• In June 2024, AG Paxton launched an initiative and established a team “to protect Texans’ sensitive data from illegal exploitation by tech, AI, and other companies.” At the time, the team was “poised to become among the largest in the country focused on enforcing privacy laws.”
• In July 2024, Texas secured a $1.4 billion settlement with Meta over allegations the company violated its biometric privacy law with a now-defunct facial recognition program—the largest such settlement for an action brought by a single state.
• In September 2024, AG Paxton agreed to what he called a first-of-its-kind settlement with a generative AI healthcare company over allegations the company made false and misleading statements about its products.
• In October 2024, Texas (and other states, see below) sued TikTok for allegedly putting the online safety and privacy of children at risk in violation of the SCOPE Act, seeking $10,000 per violation. It filed a second suit against TikTok in January 2025 for consumer fraud because the platform claims (allegedly falsely) that it is safe for minors.
• And in December 2024, AG Paxton initiated investigations into 15 technology and AI companies—including Character.AI, Discord, Instagram, and Reddit—regarding their privacy and safety practices for minors under the SCOPE Act and the Texas Data Privacy and Security Act of 2023 (TDPSA). The TDPSA imposes notice and consent requirements on those collecting and using minors’ personal data and provides for a civil penalty of up to $ 7,500 per uncured violation.

A National Trend

Texas stands out for its aggressive moves against technology companies. But it is not alone.

For example, the Federal Trade Commission (FTC) recently sent letters to Internet platforms and applications warning them to comply with the TAKE IT DOWN Act, a law enacted last year that requires platforms to provide a mechanism to request the removal of nonconsensual intimate images, including those created by AI. The FTC can seek civil penalties of up to $53,088 per violation.

At the state level, a bipartisan coalition of attorneys general led by California and New York are pressing lawsuits against TikTok for allegedly harming children’s mental health and seeking per-violation penalties and alterations to TikTok’s product.

In March 2026, juries in New Mexico and California found social media companies liable for failing to protect kids from child exploitation and for platform features that caused addiction in children, respectively. In New Mexico, the AG sued Meta under the state’s unfair practices act, and a jury ordered Meta to pay the maximum penalty under the law of $5,000 per violation, totaling $375 million. At this writing, a New Mexico judge is weighing whether to order design changes to Meta’s products over the company’s harm to children.

In late May, Meta, Snap, TikTok, and YouTube settled a bellwether multi-district litigation case helmed by a Kentucky school district that claimed the platforms caused youth social media addiction. The consolidated case, In Re: Social Media Adolescent Addiction/Personal Injury Products Liability Litigation, brought by about 1,200 school districts, is ongoing. The next two bellwether cases, pressed by the school districts of Tucson, Arizona, and Charleston, South Carolina, are scheduled to proceed in February 2027.

A separate case brought by California and over 30 bipartisan state attorneys general—including from Arizona, Idaho, New York, and South Carolina—against Meta for alleged violations of various state unfair practices and consumer protection statutes and the federal Children’s Online Privacy Protection Act (COPPA) is scheduled to go to trial on August 6, 2026.

More recently, a bipartisan group of attorneys general has written to technology companies and to Congress pledging to investigate alleged harms and calling for federal support.

What It Means for Technology Companies

Plaintiffs, joined by regulators across the political spectrum, have shown a willingness to invoke state consumer protection and privacy statutes against major technology platforms and seek concrete product changes and significant monetary damages. They have notched several notable successes. Technology developers, technology deployers, and investors should take note, carefully consider relevant product-design choices, and weigh litigation risks.

For more on these issues, please join Crowell for a webinar on July 1, 2026, on “Large Liability Models? Emerging Tort and Privacy Risks in Chatbots and Generative AI” for a discussion of high-level legal strategy to manage risk in this complex business and legal environment.