What is the Children's Online Privacy Protection Act (COPPA)?

Home > Law

What is the Children's Online Privacy Protection Act (COPPA)?

What is the Children's Online Privacy Protection Act (COPPA)?

Cheryl Lock
August 22, 2019

The internet may seem like the Wild West at times, but when it comes to your kids and their online privacy, there actually are some rules. The Children’s Online Privacy Protection Act—or COPPA—requires websites and online services to follow certain guidelines when gathering personal information on your kids.

Here’s what you need to know when it comes to children and their online safety.

What does the Children’s Online Privacy Protection Act (COPPA) do?

COPPA is the rule of law when it comes to how websites and online services (like mobile apps) can obtain and use private information from kids. The Children’s Online Privacy Protection Act was originally passed in 1998, went into effect in 2000 and was revised again in 2012 to allow parents to control the information that websites and other online services can obtain from kids.

Websites and other online services geared toward kids 13 and younger are required “to post a complete privacy policy, notify parents directly about their information-collection practices, and get verifiable parental consent before collecting personal information from their children—or sharing it with others.” Here are a few examples of the personal information some sites try and obtain:

  • First and last names
  • Addresses and/or phone numbers
  • Online contact information, including email addresses
  • A Social Security number
  • Photographs, videos, or audio files that contains a child’s image or voice

Depending on the website, parents may be able to provide consent by filling out a form, calling a toll-free number, connecting with staff through a video conference or using a payment system that provides notification of each transaction. Parents can then decide whether the site can collect and use their kids’ personal information and whether they can share it with third parties.

Even after parents give their permission, they always have the right to review collected information and revoke their consent at any time, according to the Federal Trade Commission and by law.

While the Act is aimed at companies that run websites specifically for children, some sites with a more general audience—or sites that operate ads, plug-ins or third-party services used by kid-directed websites—may also be required to follow the same rules. The FTC describes the types of websites that should be following COPPA. Companies that have failed to comply with the law are liable for penalties up to $42,530 per violation. And some companies whose products are considered to be attractive to children can expect increased scrutiny from the FTC and regulators.

What age does COPPA apply to?

The COPPA ruling applies to children ages 13 and younger. According to the FTC, Congress decided this age group is particularly vulnerable to aggressive marketing tactics and aren’t able to fully understand the safety and privacy issues that come with personal data collection online. However, many groups believe that stronger protections are necessary for teenagers, too.

The rule is not intended to protect children against age-inappropriate material, such as pornography. As the FTC notes: “COPPA is meant to give parents control over the online collection, use or disclosure of personal information from children, and was not designed to protect children from viewing particular types of content wherever they might go online.”

Find out who the email address belongs to

What else can be done to protect children’s privacy?

Even with regulations and rulings like COPPA, parents should be in tune with issues surrounding privacy. “Today’s kids are the most-tracked generation,” said James P. Steyer, co-founder and CEO of Common Sense Media. “Without strong protections, lines drawn on what companies can and cannot do, and focused efforts by federal regulators, these businesses will continue to collect and monetize kids’ data.”

COPPA may be a good starting place, but Common Sense Media also strongly supports bipartisan efforts to strengthen the ruling, in the hopes it will further help families protect their children and teens. In fact, the new bipartisan federal bill—COPPA 2.0—that has been introduced would extend children’s privacy protections to age 15, among other things. In the meantime, Common Sense Media urges parents to follow these tips to keep their kids safe online:

  1. Use strict privacy settings in apps and websites.
  2. Establish privacy preferences and adjust settings with your child whenever your kid gets a new device or signs up for a new website or app.
  3. Opt out on location sharing, and don’t allow apps and websites to post to social media sites on your behalf.
  4. Discuss the basics of good online behavior with your kids (there is some good advice here), and encourage them to always consider the information they’re potentially giving away whenever they engage online.

If an unknown person is trying to contact your child, use a reverse phone or reverse email lookup to try and retrieve more information before sending a reply of any kind or contact the authorities.

While COPPA is a good starting part, there is still much more that can be done to protect our kids online. For now, though, you can learn more about how COPPA protects kids 13 and under by checking out the FTC guide and FAQs here.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.