SecurePrivacy Logo

Children's Online Privacy Protection Act (COPPA)

View Law Text
Maximum Fine
$43,280 per violation
Scope
Children Under 13
Regulator
FTC
Consent
Parental

Need Help with COPPA Compliance?

Get expert guidance on implementing COPPA requirements and ensuring ongoing compliance for your online services.

Get Expert Help

Overview

The Children's Online Privacy Protection Act (COPPA) imposes requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information from children under 13.

Key Facts

  • Enacted in 1998, Rule effective since 2000
  • Enforced by Federal Trade Commission
  • Applies to online services targeting children

COPPA Rules

Privacy Notice Requirements

Clear and comprehensive online privacy policy describing information practices for children's personal information.

Requirements

  • Direct notice to parents
  • Online privacy policy posting
  • Information collection practices
  • Information use disclosure
  • Parental rights description

Examples

  • Privacy policy placement
  • Parent notification emails
  • Information collection forms
  • Use disclosure statements

Parental Access Rights

Parents' rights to review, delete, and control their children's information.

Requirements

  • Information review process
  • Deletion procedures
  • Access verification
  • Control mechanisms
  • Request handling

Examples

  • Parent dashboards
  • Information request forms
  • Deletion confirmation
  • Access logs

Compliance Requirements

Age Verification System

Implement reliable methods to determine the age of website or service users.

Implementation Steps

  • Design age screening
  • Implement neutral age gates
  • Block underage users
  • Monitor effectiveness
  • Update procedures

Required Documentation

  • Age gate design
  • Screening procedures
  • Blocking records
  • Effectiveness reports
  • Update logs

Children's Data Handling

Proper collection, use, disclosure, and protection of children's personal information.

Implementation Steps

  • Define collection limits
  • Implement security measures
  • Control data access
  • Manage retention
  • Handle deletion requests

Required Documentation

  • Data inventory
  • Security protocols
  • Access logs
  • Retention schedule
  • Deletion records

Third-Party Management

Oversight of third parties collecting or maintaining children's information.

Implementation Steps

  • Identify third parties
  • Review practices
  • Establish agreements
  • Monitor compliance
  • Audit activities

Required Documentation

  • Third-party list
  • Review reports
  • Service agreements
  • Monitoring logs
  • Audit findings

Enforcement & Penalties

FTC Enforcement

The Federal Trade Commission has primary enforcement authority for COPPA violations.

Penalty Categories

Civil Penalties
Up to $43,280 per violation
Per violation of the Rule
Injunctive Relief
Varies
Court-ordered changes to business practices
Compliance Monitoring
Case-specific
Mandatory compliance reports and audits

Example Cases

YouTube
$170 million
2019 - Collecting children's personal information without parental consent
TikTok
$5.7 million
2019 - Illegally collecting personal information from children

State Enforcement

State attorneys general can enforce COPPA within their jurisdictions.

Penalty Categories

State Civil Penalties
Varies by state
Additional state-level fines
State Injunctions
Varies
State-specific enforcement actions
Consumer Restitution
Case-dependent
Compensation to affected families

Example Cases

Musical.ly
$4 million
2020 - State-level settlement for COPPA violations
Recolor App
$3 million
2021 - Multi-state enforcement action