A federal judge found the IRS unlawfully disclosed taxpayer address information to Immigration and Customs Enforcement roughly 42,695 times, ruling the agency violated strict confidentiality protections. The finding accelerates legal challenges over interagency data‑sharing agreements and raises questions about safeguards for personally identifiable information held by federal agencies. At the same time, the Federal Trade Commission carved an exception to COPPA, allowing social platforms to collect children’s personal data for age‑verification purposes. The twin developments sharpen scrutiny of government and platform data practices and create new compliance challenges for colleges that handle student records, host research datasets and interact with platforms used by minors and prospective students.