What is COPPA (Children's Online Privacy Protection Act)?
COPPA is a US federal law that requires websites and online services directed at children under 13 to obtain verifiable parental consent before collecting personal information from children.
The Children's Online Privacy Protection Act (COPPA) is a US federal law enacted in 1998 and enforced by the Federal Trade Commission (FTC). It applies to operators of commercial websites and online services (including mobile apps) that are directed to children under 13, or that have actual knowledge that they are collecting personal information from children under 13. COPPA was updated in 2013 to address evolving online technologies including social networking, mobile apps, and behavioral advertising.
COPPA requires covered operators to post a clear and comprehensive privacy policy describing their information practices for children's data, provide notice to parents and obtain verifiable parental consent before collecting personal information from children, give parents the choice of consenting to collection and use without consenting to disclosure to third parties, provide parents access to their child's personal information, and maintain the confidentiality and security of collected information. Personal information under COPPA includes name, address, email, phone number, Social Security number, geolocation information, photos, videos, audio files, and persistent identifiers used for behavioral advertising.
The FTC enforces COPPA through administrative and civil actions, with penalties of up to $50,120 per violation (adjusted for inflation). Organizations serving younger audiences should use ConsentIQ to implement compliant parental consent mechanisms and DiscoverIQ to identify where children's personal information is collected and stored.
Related Terms
Consent Management
Consent management is the systematic process of obtaining, recording, tracking, and managing individuals' consent for the collection and processing of their personal data in compliance with privacy regulations.
Personally Identifiable Information (PII)
PII is any information that can be used to identify a specific individual, including names, addresses, email addresses, phone numbers, Social Security numbers, and biometric data.
Privacy Notice / Privacy Policy
A privacy notice is a public-facing document that informs individuals about how an organization collects, uses, stores, shares, and protects their personal data, as required by data protection regulations.
Supervisory Authority
A supervisory authority is an independent public body established by a country to monitor and enforce compliance with data protection laws, such as the ICO in the UK or the CNIL in France.