Statutory texts

Official guidance

Legislative overview

Statutory purpose

The Children’s Online Privacy Protection Act (COPPA), enacted in 1998, establishes a comprehensive framework for protecting the privacy of children under 13 in the online environment. The law addresses the unique vulnerabilities of children in digital spaces by regulating data collection, use, and disclosure.

Key statutory provisions

1. Scope of protection

  • Applies to: Websites, online services, and mobile applications likely to be used by children under 13
  • Geographical reach: Covers U.S.-based online services and international services targeting U.S. children

2. Defined personal information

COPPA comprehensively defines personal information to include:

  • Full name
  • Home address
  • Email address
  • Phone number
  • Social security number
  • Online contact information
  • Screen or username
  • Photograph
  • Audio or video file with child’s voice or image
  • Geolocation information
  • Persistent identifiers (cookies, IP addresses)

3. Key compliance requirements

  • Obtain verifiable parental consent before collecting personal information
  • Provide clear, comprehensive privacy notices
  • Implement robust data protection mechanisms
  • Limit data collection to necessary information
  • Provide parents access to collected information
  • Allow parents to review and delete child’s data

Enforcement mechanisms

Federal Trade Commission (FTC) enforcement

  • Penalty range: Up to $46,517 per violation (as of 2023)
  • Enforcement actions:
    • Monetary penalties
    • Mandatory compliance orders
    • Public disclosure of violations

Landmark enforcement cases