Legal Summary:
Children's Online Privacy Protection Act

The Children’s Online Privacy Protection Act is one of the few federal online privacy law in the United States. Other statutes include sections about health and financial privacy, but COPPA is the only current statute that addresses universal privacy for an entire demographic -- children under 13.

The Children’s Online Privacy Protection Act requires parental consent before a) kids can make online purchases and b) ISPs can collect children’s personal information. The statute also includes provisions for educational software used in schools.

Below, you’ll find a summary of COPPA rules, plus links to case studies and updates involving the Children’s Online Privacy Protection Act.

(Being investigated for a COPPA violation? Our team of Internet law attorneys can help.)

Contact »

COPPA Rules: What Businesses Need To Know

COPPA Rules: Who Is Beholden To COPPA Regulations?

All data-collecting, commercial ISPs, plugins, apps, and websites, which are potentially attractive to minors, must adhere to the parameters. Even if your site or app isn’t intended for minors, but kids use it, you’re still responsible for sticking to COPPA rules. During investigations, the FTC -- and ultimately judges -- consider a properties subject matter, advertising, design, age of the models, features.

COPPA Rules: Information Quality Matters

When investigating a possible COPPA breach, the FTC considers the quality of the collected information. Experts look at:

  • Who controls and owns the collected data?
  • Who maintains the data?
  • Is there a pre-existing contractual agreement?
  • What role did the website or ISP play in managing and maintaining the information?
COPPA Rules: Parental Notice

Privacy policies must include the what, why, where, and how of a given site’s data collection procedures. The policy must also explain how can submit consent -- as well as complaints.

(Click here to read more about the different ways parents can issue COPPA consent.)

Wait, There's More! For Even More COPPA Frequently Asked Questions, Follow This Link »

COPPA Rules: What Constitutes Personal Data?

Under the current iteration of the Children’s Online Privacy Protection Act, the following things are considered “personal data”:

  • Full Name
  • Home Address
  • Email Address
  • Telephone Number
  • Social Media Account
  • Cookies (digital, not chocolate)
COPPA Rules: Required Website Privacy Notice Under

The Children’s Online Privacy Protection Act requires websites to post policies that explain exactly how collected data is used and stored. Additionally, the link to this policy must sit, conspicuously, next to every section where data is collected.

The privacy terms should also include:

  • The names of the website operators and contact info, for at least one;
  • Contact info for any relevant third-party proprietors;
  • Information on how to disallow third-party access to the information; and
  • Data deletion and cease collection instructions.

COPPA Rules Blog: Case Studies
and Statute Amendments

Below are a few articles covering updates to the Children’s Online Privacy Protection Act, plus some related case studies.

Read »
California online privacy law list
SPAN TAG COPPA Is One Of California's Privacy Laws
Read »
COPPA lawyer explains online privacy legal audit
SPAN TAG Anyone Marketing In U.S. Must Follow COPPA
Read »
Blog post about COPPA law
SPAN TAG New Consent Tool Gets COPPA Approval
Read »
Blog Post about New COPPA law
SPAN TAG New COPPA Rules = Opportunity
Read »
COPPA lawsuits
SPAN TAG COPPA Case Example: Music Fan Site Censured
Read »

Speak With A COPPA Lawyer

Are you a marketer, website operator, or development firm with COPPA questions? If so, please get in touch. For years, our Internet law attorneys have helped clients avoid non-compliance fines. We also work with parties under investigation by the Federal Trade Commission for Children’s Online Privacy Protection Act abuses.

Let's Talk »