What is COPPA?
The Children's Online Privacy Protection Act, a US federal law that regulates the collection of personal information from children under 13.
COPPA (1998) requires websites and apps that collect data from children under 13 to obtain verifiable parental consent.
Requirements
- Post a clear privacy policy describing data practices
- Get verifiable parental consent before collecting children's data
- Allow parents to review and delete their child's information
- Don't condition participation on unnecessary data collection
- Maintain reasonable security for collected data
Enforcement
- Enforced by the FTC (Federal Trade Commission)
- Penalties up to $50,120 per violation
- Major fines: YouTube ($170M in 2019), Epic Games ($275M in 2022)
Impact on Privacy
- Many websites simply ban users under 13 rather than comply
- Age verification itself raises privacy concerns
- COPPA only protects children — adults have no equivalent protection under US federal law
Related Terms
CCPA
The California Consumer Privacy Act grants California residents rights over their personal information, including the right to know what data is collected, delete it, opt out of its sale, and not be discriminated against for exercising these rights.
GDPR
The General Data Protection Regulation is a comprehensive data protection law in the European Union that gives individuals control over their personal data. It establishes strict requirements for how organizations collect, process, store, and transfer personal information.
Have more questions?
Use our guided flow to get the right next privacy step for COPPA.
Open Guided Flow