
In May 2025, President Donald Trump signed the federal "Take It Down Act". This law prohibits the publication of intimate images, including deepfakes content, without the consent of the person depicted. The law has received a lot of support both in Congress and among technology companies, such as:
- Meta
- TikTok
First Lady Melania Trump has been a strong supporter of the initiative. She has emphasized its importance in protecting minors from harmful online content.
What Does the "Take It Down Act" Do?
The law criminalizes the intentional distribution of intimate images. It covers both real images and images created by artificial intelligence without the consent of the person depicted. The penalty for a violation can be up to three years in prison. This applies to both legally obtained photos and videos, as well as content created using deepfakes. For example, it is now a crime to publish a sexually explicit video made from a photo of a victim without their consent.
Obligations of Internet Companies
The law also requires technology platforms to remove such content within 48 hours. This creates a mechanism to quickly protect the rights of victims from online exploitation. Companies that fail to meet this deadline may face administrative and civil liability. This includes fines and possible legal action by victims.
Melania Trump's Role and Public Response
The U.S. First Lady gave a speech in support of the bill, stating that "this legislation is a national victory that will help families protect their children from online exploitation. It was noted that teenagers, especially girls, are often victims of offensive digital content, including pornographic deepfakes. The law also received support from prominent public figures. Businesswoman and DJ Paris Hilton called it "a decisive step in the fight against the unauthorized distribution of images on the Internet.
Legal Consequences of Violating the Law
Criminal liability. Violators of the law will be prosecuted. Punishment is provided in the form of:
- Imprisonment for up to 3 years
- Fines
- A criminal record, which may affect employment and the ability to obtain licenses
Special attention is paid to the protection of minors. If the content distributed involves a child, a violation of child pornography laws may be added to the charges.
Ability to File a Civil Lawsuit
Victims may also file a civil lawsuit for damages, including:
- Moral damages
- Loss of reputation
- Loss of profits
- Legal costs
You can read more about this in our article Defamation Claim in California.
Critics' Views
Despite widespread support, the law has raised concerns from digital rights organizations. The Electronic Frontier Foundation has stated that the current version of the bill could threaten free speech and privacy rights and undermine encryption mechanisms. The Internet Society, for its part, emphasized that the requirement to remove content within 48 hours could create a risk of over-moderation. This means that platforms will automatically remove content without proper legal assessment. However, the law does include procedural safeguards. These include the possibility of an appeal and the obligation to notify the alleged infringer.
Child Protection As a Key Objective
The Take It Down Act is particularly important in the context of combating cyberbullying and online exploitation of youth. According to reports from the National Center for Missing and Exploited Children (NCMEC), complaints about the distribution of intimate content to minors continue to rise. Melania Trump, speaking at the March 2025 hearing, stated: "It's heartbreaking to see what teens, especially girls, are going through when faced with the devastating effects of deepfakes and revenge porn." This legislation is the result of her vigorous campaign to create a safe digital environment for future generations.
How the Law Applies In California?
In California, privacy has traditionally been a high priority. The new federal law supplements existing state laws, including California Penal Code Section 647. In addition, individuals in California who are injured by a violation of the new federal law may be able to bring additional claims under state law. You can learn more about the options for filing a civil lawsuit in California in our article The Law in California Involving Intentional Infliction of Emotional Distress.
Potential Impact on the Technology Industry
The passage of the law also requires Internet companies to review their content moderation policies. Companies will be required to create a mechanism to respond quickly to user complaints and implement systems to track deepfakes. Google, Meta, and TikTok supported the initiative, recognizing the need for new rules amid the development of AI. However, they cautioned that a balance must be struck between protecting the rights of victims and preserving free speech.
The Problem of Deepfakes and Children: The Legal Challenge of The New Era
In recent years, image-generation technologies based on artificial intelligence have reached an ambitious level. They make it possible to create realistic deepfake videos, sometimes almost indistinguishable from the real thing. This has created a new layer of legal issues, especially when minors are involved. The introduction of the Take It Down Act was a response to the rapidly growing threat of digital abuse, including child abuse. It is important to note that deepfakes depicting minors may not only fall under the provisions of the new law. They may also fall under the stricter provisions for distribution of child pornography. However, while previous criminal proceedings required proof of the image's authenticity, the new law now officially recognizes even deep fakes as a crime. This makes the law a more versatile tool in the fight against child exploitation in the digital space. In addition, the parents or legal guardians of the minors concerned can now seek compensation through civil proceedings. They may rely on provisions related to invasion of privacy and emotional harm. When the dissemination of intimate material is intentional, the action may also include a claim for moral damages.
Enforcement Complexity and Technology Challenges
Despite the law's lofty goals, effective enforcement requires significant resources from the government and technology platforms. The question is, how do we determine if an image is a deepfake? Companies need to implement automated systems to detect fake content. This is due to the risk of false positives and potential censorship of legitimate material. In addition, the lack of a consistent appeals system can lead to restrictions on free speech. For example, a person falsely accused of posting prohibited content risks being blocked without the ability to recover their data. In this regard, the legal community calls for the creation of a transparent and fair dispute resolution process. This will help balance the goals of the law with the fundamental rights of users, including:
- Freedom of speech
- The presumption of innocence
- The right to a fair trial
Conclusion
The Take It Down Act is an important step in the fight against digital violence, especially against children and young people. Despite the controversy over potential restrictions on freedom of expression, the Act provides a real and effective tool for victims to protect themselves. It is crucial for parents, educational institutions and digital platforms to be aware of the changes in the legislation and to take measures to protect minors in advance. This is necessary to prevent their exposure to harmful online content. If you have been a victim of revenge porn or deepfake, contact KAASS LAW. Call 844-522-7752 for a free consultation. We can help you evaluate your case, identify possible legal options, and pursue justice.
-5.png&w=1536&q=75&dpl=d192f742d739f8da9764db18f802e0e6e3e39ad0)
Massive Password Leak
One of the largest data breaches in recent months has compromised over 19 million passwords. This is a major concern as most of these passwords have been reused across multiple services. According to Cybernews research, the leak includes data from more than 200 different leaks between April 2024 and April 2025. The most alarming part is that 94% of the passwords were used on multiple accounts. This means that a leak on one service could lead to problems on other platforms. In addition, 42% of passwords contain only 8-10 characters. And 27% consist of only lowercase letters and numbers, with no special characters or capitalization. This makes them too easy to crack.
Why Weak Passwords are Still a Danger
Cybersecurity experts note that default passwords such as:
- 123456
- Password
Are still some of the most common. This makes such passwords extremely vulnerable to attack. In addition, many users continue to use the same passwords for multiple accounts. This greatly increases the risk of being hacked. "123456" continues to be the most popular password. The prevalence of these passwords is due to their ease of memorization. But they also leave your account vulnerable to hackers. In addition, the study found that popular names and phrases such as:
- Admin
- Password
Are also found in millions of passwords. Using these common words, numbers, and phrases significantly increases your chances of being hacked.
How Can You Determine if Your Password Has Been Compromised?
There are several tools and methods that can help you determine if your password has been compromised. These include methods such as:
- Using data breach verification services: Sites such as Have I Been Pwned can check to see if your password has been compromised as a result of a known data breach
- Review passwords in use: Compare your current passwords with those found in the breach
- Change passwords on all platforms: If your password has been compromised, change it immediately on all platforms where you use it
Checking accounts and passwords for vulnerabilities is also the most important step. If you find that your password has been compromised, take immediate action to update it.
How Can I Strengthen My Security?
To avoid security problems in the future, follow these tips: 1. Use long passwords. At least 12 characters long, including:
- Upper and lower case letters
- Numbers
- One special character
The more complex your password, the harder it is to guess. For example, the combination "F8gaoUaq91f5" is much more secure than "adminmpassword123". 2. Don't repeat passwords across sites. Using the same password for multiple sites leaves your information vulnerable. Use a unique password for each account. 3. Use password managers. Password managers help you create and store complex passwords for each service. An example is LastPass, which allows you to store and manage passwords. 4. Enable multifactor authentication (MFA). Enabling MFA adds an extra layer of protection and makes your accounts more secure. 5. Check the security of your information regularly. Regularly review the security of your accounts and change passwords if you suspect a breach.
Problems With Password Reuse
Many users still use the same passwords across platforms. This creates serious risks. Cybernews notes that most attacks occur against the backdrop of password reuse. This makes the security system vulnerable to multiple attacks. The "one password for all services" system means that a single breach can lead to multiple problems. This leaves your account vulnerable and increases the risk that information from one account can be used to access other important resources. Such as:
- Bank accounts
- Professional accounts
That's why it's important to use unique passwords for each of your services and platforms. If you are looking for ways to protect your data, you can enlist the services of professionals like KAASS LAW. We can help you develop a protection and risk management strategy for you or your business.
How to Prevent Data Breaches
To prevent data breaches, it is important to follow simple and effective security measures:
- Update passwords: Change your passwords regularly
- Secure mobile devices
- Employee training: If you run a business, it's important to train your employees on basic cybersecurity principles
Conclusion
The data leak of over 19 million passwords underscores the importance of maintaining online security measures. It's not only important to keep track of your passwords, but also to understand how to effectively protect your personal information. Use:
- Long passwords
- Unique
- Complex
- Unusual
Passwords and multi-factor authentication help minimize risk. If you are the victim of a data breach, change your passwords immediately. Also, take advantage of security audit tools. Consider the advice of security experts to strengthen your data protection. For in-depth advice on cybersecurity and data protection contact us.
-3.png&w=1536&q=75&dpl=d192f742d739f8da9764db18f802e0e6e3e39ad0)
Here at KAASS Law, we strive to always keeping up with news and changes in laws or regulations. More importantly, we yearn to find anyways on protecting our kids. We believe our nation's children is the backbone and the future of our country's success. We do what is best for them, including protecting their privacy online. The Federal Trade Commission recently updated the Children's Online Privacy Protection Act. This is aiming to strengthen online privacy protections for children under 13. While these updates introduce important safeguards, they also leave a significant gap in the rapidly growing EdTech sector, potentially leaving student data vulnerable and schools grappling with uncertainty. The following will help explore these matters so we can be more aware of what is going on with our policies and regulation changes.
COPPA: A Brief Overview
COPPA, or the Children's Online Privacy Protection Act, enacted in 1998, requires online services and websites to obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13. This rule has been crucial in protecting children's privacy in the digital age. However, the recent COPPA update, while addressing some modern challenges, has left a critical area unaddressed: EdTech
EdTech and the Missing Link in COPPA
EdTech, or educational technology, encompasses a vast array of digital tools and platforms used in classrooms and homes for learning. From online learning platforms and educational apps to student management systems and virtual reality tools, EdTech has become an integral part of modern education.
The problem? The updated COPPA Rule does not explicitly address the unique challenges and complexities of EdTech. This leaves a significant grey area regarding how schools and EdTech companies should handle student data, potentially leaving students vulnerable to data misuse and privacy violations.
The Concerns and Challenges
Data Collection and Use: EdTech platforms often collect vast amounts of student data, including names, addresses, grades, disciplinary records, and even sensitive information like learning disabilities. Without clear guidelines, there's a risk that this data could be used for unauthorized purposes, such as targeted advertising, profiling, or even sold to third parties.
Parental Consent: While COPPA requires parental consent for data collection from children, it's unclear how this applies in the school context. Can schools provide consent on behalf of parents? What about situations where EdTech is required for classroom participation? These ambiguities leave schools and EdTech companies in a precarious legal position.
Data Security: EdTech platforms often store sensitive student data, making them attractive targets for hackers. Data breaches in EdTech can have serious consequences, including identity theft, academic disruption, and even potential harm to students' future opportunities.
Lack of Transparency: Many EdTech companies lack transparency about their data collection and use practices. This makes it difficult for parents and schools to understand how student data is being handled. This will better on these decisions about the use of EdTech tools.
The Need for Clarity and Action
The lack of clear COPPA guidelines for EdTech has created a sense of uncertainty and confusion for schools, EdTech companies, and parents. This situation calls for urgent action to guarantee student data protection and that EdTech can continue to play a valuable role in education.
What Can Be Done?
- FTC Guidance: The FTC needs to provide clear guidance on how COPPA applies to EdTech, addressing issues like parental consent, data security, and permissible data use in educational contexts.
- Industry Standards: EdTech companies should adopt robust privacy and security standards, prioritizing data minimization, transparency, and strong data protection measures.
- School Policies: Schools need to develop clear policies on EdTech use, data privacy, and parental consent. This will help compliance with COPPA and other relevant laws.
- Parental Awareness: Parents need to be aware about the data collection practices of EdTech platforms. As a result, this gives the opportunity to gives parents the power to make well decisions about their children's privacy.
KAASS Law: Protecting Student Privacy
This uncertainty has left many EdTech providers hesitant to fully engage with schools, fearing potential legal repercussions. This chilling effect could stifle innovation and limit the availability of valuable educational tools for students. Moreover, the lack of clear guidelines may create an uneven playing field, with some EdTech companies taking advantage of the ambiguity to engage in questionable data practices while others struggle to comply. Ultimately, this situation underscores the need for a collaborative effort between the FTC, EdTech companies, and educational institutions to develop clear, enforceable standards that protect student privacy while fostering innovation and ensuring equitable access to technology in education. Only through such collaboration can we harness the power of EdTech while safeguarding the privacy rights of our children.
At KAASS Law, we commit to protecting children's privacy in the digital age. We are closely monitoring the EdTech landscape and advocating for strong privacy protections for students. If you have concerns about the privacy of your child's data in EdTech, contact us for a consultation. We can help you understand your rights and options and work with schools. Additionally, we can connect with EdTech companies to ensure they are complying with the law. We understand your child's rights. For any further legal assistance and or consultation, contact us right away!