Children's Online Privacy Protection Act (COPPA)
View Law TextNeed Help with COPPA Compliance?
Get expert guidance on implementing COPPA requirements and ensuring ongoing compliance for your online services.
Get Expert HelpOverview
The Children's Online Privacy Protection Act (COPPA) imposes requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information from children under 13.
Key Facts
- Enacted in 1998, Rule effective since 2000
- Enforced by Federal Trade Commission
- Applies to online services targeting children
COPPA Rules
Privacy Notice Requirements
Clear and comprehensive online privacy policy describing information practices for children's personal information.
Requirements
- Direct notice to parents
- Online privacy policy posting
- Information collection practices
- Information use disclosure
- Parental rights description
Examples
- Privacy policy placement
- Parent notification emails
- Information collection forms
- Use disclosure statements
Parental Consent
Verifiable parental consent before collecting, using, or disclosing children's personal information.
Requirements
- Consent verification methods
- Consent documentation
- Exception handling
- Consent revocation process
- Record maintenance
Examples
- Credit card verification
- Government ID verification
- Video verification
- Knowledge-based questions
Parental Access Rights
Parents' rights to review, delete, and control their children's information.
Requirements
- Information review process
- Deletion procedures
- Access verification
- Control mechanisms
- Request handling
Examples
- Parent dashboards
- Information request forms
- Deletion confirmation
- Access logs
Compliance Requirements
Age Verification System
Implement reliable methods to determine the age of website or service users.
Implementation Steps
- Design age screening
- Implement neutral age gates
- Block underage users
- Monitor effectiveness
- Update procedures
Required Documentation
- Age gate design
- Screening procedures
- Blocking records
- Effectiveness reports
- Update logs
Children's Data Handling
Proper collection, use, disclosure, and protection of children's personal information.
Implementation Steps
- Define collection limits
- Implement security measures
- Control data access
- Manage retention
- Handle deletion requests
Required Documentation
- Data inventory
- Security protocols
- Access logs
- Retention schedule
- Deletion records
Third-Party Management
Oversight of third parties collecting or maintaining children's information.
Implementation Steps
- Identify third parties
- Review practices
- Establish agreements
- Monitor compliance
- Audit activities
Required Documentation
- Third-party list
- Review reports
- Service agreements
- Monitoring logs
- Audit findings
Enforcement & Penalties
FTC Enforcement
The Federal Trade Commission has primary enforcement authority for COPPA violations.
Penalty Categories
Example Cases
State Enforcement
State attorneys general can enforce COPPA within their jurisdictions.