The Children’s Online Privacy Protection Rule (COPPA) is a U.S. federal law that regulates how websites, apps, and online services collect and use personal information from children under 13\. It requires parental consent, transparency, and safeguards to protect children’s data online.
Children's Online Privacy Protection Rule (COPPA)
Key facts about COPPA
- Full name: Children’s Online Privacy Protection Rule (COPPA)
- Regulation: 16 CFR Part 312 (United States)
- Regulator: Federal Trade Commission (FTC)
- Applies to: Websites, apps, and online services directed to children under 13
- Key requirement: Verifiable parental consent before collecting personal data
- Focus: Protecting children’s personal information online
What is COPPA?
The Children’s Online Privacy Protection Rule (COPPA) is a U.S. federal regulation that governs how online services collect, use, and share personal information from children under the age of 13.
For those asking what COPPA is or what the COPPA law is, it is a privacy framework designed to give parents control over the information collected from their children online.
COPPA applies to operators of websites, mobile apps, and digital services that are directed to children or have actual knowledge that they are collecting personal data from children under 13.
COPPA meaning
The COPPA meaning comes from the Children’s Online Privacy Protection Act, which authorizes the COPPA Rule enforced by the FTC.
The law focuses on protecting children’s privacy by requiring organizations to:
- Provide clear information about data collection practices
- Obtain parental consent before collecting personal information
- Limit how children’s data is used and shared
- Implement safeguards to protect personal information
Who does COPPA apply to
COPPA applies to a wide range of online services.
Organizations may be subject to COPPA if they:
- Operate websites or apps directed to children under 13
- Have actual knowledge that they collect personal data from children
- Offer online services that attract a significant child audience
The rule primarily applies to commercial, for-profit entities.
What counts as personal information under COPPA
COPPA defines personal information broadly to include data that can identify or track a child.
Examples include:
- Name, address, or email address
- Phone number
- Geolocation data
- Photos, videos, or audio recordings
- Persistent identifiers such as IP addresses or cookie IDs
Examples of personal information under COPPA
Category | Examples |
|---|---|
Direct identifiers | Name, home address, email address, phone number |
Media content | Photos, videos, or audio recordings of a child |
Location data | GPS location or precise geolocation |
Online identifiers | IP address, cookie IDs, device identifiers |
Behavioral data | Tracking data used for profiling or advertising |
Key COPPA requirements
The COPPA law establishes several key obligations for organizations.
Verifiable parental consent
Organizations must obtain verifiable parental consent before collecting, using, or sharing personal information from children under 13.
Privacy policy and notice
Operators must provide a clear and accessible privacy policy that explains how children’s data is collected and used.
Data protection and security
Organizations are expected to implement reasonable measures to protect children’s personal information from unauthorized access or misuse.
Parental rights
Parents have the right to:
- Review their child’s personal information
- Request deletion of data
- Refuse further collection or use of data
COPPA requirements overview | Description |
|---|---|
Requirement | Verifiable parental consent must be obtained before collecting personal data from children under 13 |
Parental consent | A clear and accessible privacy policy must explain data collection and usage practices |
Privacy notice | Only necessary personal information should be collected |
Data minimization | Reasonable measures must be implemented to protect children’s data |
Data security | Parents can review, delete, or refuse further data collection |
Parental rights | Additional consent may be required before sharing data with third parties |
Data sharing restrictions | – |
COPPA compliance
COPPA compliance involves implementing processes and systems that align with the requirements of the rule.
Organizations may take steps such as:
- Determining whether their service is subject to COPPA
- Identifying what personal data is collected
- Implementing parental consent mechanisms
- Maintaining transparent privacy notices
- Applying safeguards to protect personal data
- Establishing data retention and deletion practices
Updates to COPPA
Recent updates to the COPPA Rule have introduced additional considerations around data sharing.
For example, updated requirements may include:
- More explicit limitations on sharing children’s data with third parties
- Additional consent requirements for advertising-related data use
- Increased focus on transparency and accountability
These updates reflect evolving expectations around children’s data privacy.
Why COPPA matters
Children’s data requires additional safeguards due to the sensitivity of personal information and the need for parental oversight.
COPPA establishes a framework that helps ensure:
- Parents are informed about data collection practices
- Children’s personal information is handled responsibly
- Organizations implement safeguards when processing children’s data
Related privacy terms
Commonly asked questions
COPPA stands for the Children’s Online Privacy Protection Act, which is implemented through the COPPA Rule.
COPPA law is a U.S. regulation that governs how online services collect and use personal information from children under 13.
Websites, apps, and online services directed to children under 13 or those that knowingly collect data from children must follow COPPA requirements.
COPPA compliance refers to the processes and measures organizations implement to align with the rule, including obtaining parental consent and protecting children’s personal data.
Adam is the Head of Digital Marketing at Clym, where he leverages his diverse expertise in marketing to support businesses with their compliance needs and drive awareness about data privacy and web accessibility. As one of the company’s original team members, Adam has been instrumental in shaping its journey from the very beginning. When he’s not diving into marketing strategies, Adam can be found cheering on his favorite sports teams or enjoying fishing.
Find out more about Adam