COPPA

COPPA is a U.S. federal law, enforced by the Federal Trade Commission, that protects the privacy of children under 13 online. It applies to operators of commercial websites, apps, and online services that are directed at children or that have actual knowledge that they are collecting data from a child.

The law requires operators to post a clear privacy policy, obtain verifiable parental consent before collecting personal information from children, give parents access to their child’s data and the ability to delete it, and avoid conditioning a child’s participation on providing more data than is necessary. Verifiable consent methods include signed consent forms, credit card verification, video calls, and knowledge-based authentication.

Violations carry significant per-record penalties, and enforcement actions have targeted both operators and third-party data collectors.

For CIAM, COPPA creates specific requirements for age gating, parental consent workflows, and data handling whenever the platform serves an audience that may include children under 13.

Sources

• U.S. FTC, Children’s Online Privacy Protection Rule: https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa