Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?

Arkansas has no consumer privacy law. However, under the leadership of Attorney General Tim Griffin, the state is beginning to position itself as a staunch defender of individual privacy rights.

With a focus on cybersecurity, robocalls, and children's privacy, as well as broader consumer privacy issues, Griffin's approach follows the U.S. Federal Trade Commission's in protecting consumer privacy absent a federal consumer privacy law — the Arkansas Deceptive Trade Practices Act. He has also held summits and issued warnings and demand letters.

Griffin has been exceptionally busy in 2024 protecting Arkansans' right to privacy and that push may indicate the time is right for the Arkansas General Assembly to follow his leadership and pass a comprehensive data privacy law.

In February, Griffin filed an amicus brief on behalf of 23 other state attorneys general opposing a database created by the U.S. Security and Exchange Commission containing vast quantities of personal information.

In March, he wrote to Meta on behalf of himself and 26 state attorneys general demanding the company improve Instagram's protection of children. Later that month, he began investigating Change Healthcare after a ransomware attack and issued consumer alerts about how consumers could best protect themselves. A week later, he sued a robocaller for the second time, along with another seven attorneys general, seeking a USD122 million fine.

In May, Griffin announced his previous suit against TikTok and parent company Bytedance would continue after defeating efforts to dismiss that suit. He filed a similar suit against Meta in 2023, which the courts allowed to proceed in June. Later the same month, he sued Temu based on its use of Arkansans' personal information. In July, a court denied the defendant's motion to dismiss a separate suit Griffin filed against TikTok and Bytedance.