The Children’s Online Privacy Protection Act (COPPA) was enacted in 1998 to safeguard the personal information of children under 13 years old on the internet. It was introduced in response to growing concerns about online data collection practices. COPPA requires websites and online services knowingly collecting children’s data to obtain verifiable parental consent before collecting personal data from kids under 13 and imposes strict regulations on how such data is handled.
COPPA has several key provisions designed to protect children’s online privacy. Websites and online services directed at children under 13 years old must post a clear privacy policy explaining their data collection practices. They must also provide direct notice to parents and obtain verifiable parental consent before collecting personal information from children. Parents have ongoing rights, including the ability to review and delete their child’s data.
Businesses that must comply with COPPA include websites, apps, and online services that are directed at children under 13 or knowingly collect personal information from children. This includes social media platforms, gaming sites, educational services, streaming services, and ad networks that gather data from young users. Even general-audience websites must comply if they knowingly collect data from children. If a business partners with third-party services that collect children’s data, it may also be subject to COPPA regulations
Parental Consent
Businesses can obtain verifiable parental consent under COPPA using several approved methods. The Federal Trade Commission (FTC) allows companies to use techniques such as signed consent forms, credit card or online payment verification, phone or video calls with trained personnel, and government-issued ID checks. Some businesses also use email consent with follow-up verification, where parents must respond to an email and take an additional step to confirm their identity. The FTC provides detailed guidance on acceptable methods
Parental Rights
Under COPPA, parents have several important rights to protect their children’s online privacy. They have the right to review and delete any personal information collected from their child, as well as the ability to limit further data collection. Parents must be notified about data collection practices and must provide verifiable consent before a website or online service gathers personal information from their child. Additionally, they can withdraw consent at any time, preventing further use or disclosure of their child’s data.
Privacy Policy Disclosures
A privacy policy must include several key disclosures to ensure transparency about data collection practices for children under 13 years old. Websites and online services must clearly state what personal information they collect from children, how it is used, and whether it is shared with third parties. They must also disclose how parents can review, delete, or limit the collection of their child’s data. Additionally, the policy should provide contact details for inquiries.
The Federal Trade Commission (FTC) enforces COPPA and has taken action against companies that fail to comply.