Troutman Pepper Locke State Attorneys General Team

Subscribe to Troutman Pepper Locke State Attorneys General Team's Posts
Contact:Read more about Troutman Pepper Locke State Attorneys General Team

On April 13, 2026, Virginia Governor Abigail Spanberger signed SB338 into law, amending Virginia’s Consumer Data Protection Act (VCDPA) to prohibit controllers of personal data from selling consumers’ precise geolocation data. This ban, which takes effect on July 1, 2026, makes Virginia the third state in recent years to prohibit the sale of such data and reflects a trend that is likely to continue. Somewhat surprisingly, Virginia was the second state, behind California, to enact a comprehensive consumer privacy law and is continuing within that vein with this early expansion of privacy rights.

On April 20, 2026, Attorney General (AG) Brian Schwalb announced that Live Nation, which owns Ticketmaster, will pay $9.9 million to resolve allegations of deceptive ticket pricing and hidden fees affecting District of Columbia consumers. The settlement provides millions in refunds to D.C. ticket buyers and requires Live Nation to maintain reforms that ensure upfront disclosure of full ticket prices.

On April 13, a bipartisan coalition of more than two dozen state attorneys general (AGs) submitted a comment letter supporting the Federal Trade Commission’s (FTC) proposed rule targeting so-called “junk fees” in the residential rental market. The coalition’s letter reflects growing concern that alleged undisclosed or misleading rental fees are worsening housing affordability and confusing consumers nationwide. 

In its recent decision in Office of the Attorney General v. PFLAG, Inc., the Texas Supreme Court addressed the scope of the attorney general’s (AG) authority to issue civil investigative demands (CIDs) under the Deceptive Trade Practices Act (DTPA). The dispute arose against the backdrop of State v. Loe, a case challenging Texas’s statutory ban on certain gender-affirming medical treatments for minors. PFLAG, a nonprofit involved in that litigation, received a CID issued by the Office of the AG (OAG) based on statements made in a supporting affidavit, which led the OAG to assert that PFLAG may have information relevant to potential misrepresentations by medical providers to insurance companies.

The Illinois attorney general (AG) recently filed a brief defending the Illinois Interchange Fee Prohibition Act (IFPA) in an appeal arising out of litigation captioned Illinois Bankers Association v. Raoul. The AG asked the Seventh Circuit to affirm a lower court’s decision to uphold the IFPA’s ban on certain interchange fees, also known as card “swipe” fees. The industry argues that the law is unconstitutional or inconsistent with federal law. The AG also asked the Seventh Circuit to overturn the lower court’s decision that the act’s data usage limitation is preempted by federal law.

A federal court in Michigan significantly narrowed Michigan Attorney General (AG) Dana Nessel’s privacy and consumer protection case against Roku, Inc. (Roku) dismissing all non-Children’s Online Privacy Protection Act (COPPA) claims for lack of standing while allowing the state’s privacy claims under COPPA to proceed. The decision highlights COPPA’s utility as a vehicle for state AGs to bring enforcement actions in federal court, while also underscoring the jurisdictional limits on bringing companion state privacy and consumer protection claims in the same forum.

On March 26, 2026, California Attorney General (AG) Rob Bonta filed a complaint in state court against six individuals and three organizations for allegedly creating and operating sham charities. According to the complaint, the defendants used the organizations to raise approximately $3.8 million, which they used for personal expenses. The complaint alleges that these actions resulted in violations of various state laws, including California’s Charitable Supervision Act.

Connecticut Attorney General (AG) William Tong announced on March 20, 2026, that Connecticut has joined with other states and the federal government to reach a settlement with CVR Management, LLC, the entity that manages the Center for Vein Restoration (CVR), resolving allegations that the company billed government health programs for medically unnecessary procedures. The settlement requires CVR Management to pay $4 million, which will be distributed among the Medicaid programs of eight states, the District of Columbia, the federal government, and the relators of the original lawsuits.

On March 12, 2026, Vermont Attorney General (AG) Charity Clark announced a settlement with United Counseling Service of Bennington County, Inc. (UCS), an organization contracted with Vermont’s Medicaid program to provide services to vulnerable adults in Vermont. The settlement agreement resolves Vermont’s allegations related to service failures that resulted in alleged safety risks to Medicaid recipients and the public, and requires UCS to pay the state $483,464 and implement various “dramatic organizational reforms” to improve oversight and monitoring.

What Happened

States including Texas, Utah, Louisiana, and California have begun shifting children’s online safety obligations from individual apps and websites to app stores and operating systems. These laws generally require centralized age checks, parental consent tracking, and tighter coordination between app stores and developers, and they are already generating litigation risk, including a pending First Amendment challenge to the Texas statute. For a deeper overview of these state approaches and the emerging legal challenges, see this article.