COPPA: The U.S. Privacy Law Protecting Children Under 13 Online 2025
Protecting children’s data online has become more important than ever. In the United States, one of the key laws designed for this purpose is the Children’s Online Privacy Protection Act (COPPA). Below is a clear, accessible overview of what COPPA requires and why it matters for anyone running a website, app, or online service used by young children.
What Does COPPA Require?
1. A clear and accessible privacy policy
Operators must publish a straightforward, easy-to-find privacy policy explaining what data is collected from children, why it’s collected, and how it will be used.
2. Parental consent is mandatory
Before collecting personal information from a child, companies must obtain verifiable parental consent. They must also send direct notice to parents. Only a few limited exceptions apply.
3. Parents stay in control
Parents have the right to review the personal information collected about their child, request deletion, and refuse further data collection or use.
4. Limited sharing with third parties
Parents may allow internal use of their child’s data but block sharing with third parties—unless it’s essential for the service to function.
5. Data minimization and strong security
Operators must protect the confidentiality and security of children’s information and keep it only as long as necessary. Collecting unnecessary data is not allowed.
6. No unnecessary data as a condition of access
A child cannot be required to provide more personal information than reasonably needed to participate in a game, activity, or feature.
Enforcement and What’s Next
The Federal Trade Commission (FTC) and state attorneys general enforce COPPA. Since the law focuses specifically on children under 13, it doesn’t cover teenagers. However, the FTC and several states are exploring whether additional protections are needed for minors over 13.
Source:
