COPPA (Children's Online Privacy Protection Act )

The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (FTC).

The Act specifies:

  • That sites must require parental consent for the collection or use of any personal information of young Web site users.
  • What must be included in a privacy policy, including the requirement that the policy itself be posted anywhere data is collected.
  • When and how to seek verifiable consent from a parent or guardian.
  • What responsibilities the operator of a Web site legally holds with regards to children's privacy and safety online, including restrictions on the types and methods of marketing targeting those under 13.

COPPA was passed to address the rapid growth of online marketing techniques in the 1990s that were targeting children. Various Web sites were collecting personal data from children without parental knowledge or consent. Research published by the Center for Media Education showed that children did not understand the potential negative outcomes of revealing personal information online. In the wake of media reports demonstrating the ease of gathering private data from children, the public pressured Congress to legislate.

Although COPPA does not specifically define how parental consent should be gained, the (FTC) has established guidelines to help Web site operators ensure compliance with the Act. These suggestions include:

  • Clear display of downloadable consent forms that may be mailed or faxed to to the operator.
  • Requiring that a parent use a credit card to authenticate age and identity.
  • Requiring that a parent call a toll-free phone number.
  • Accepting an email from a parent that includes a digital signature.

COPPA requires that site operators allow parents to review any information collected from their children. In practice, this means that any relevant site has to provide full access to all user records, profiles and log-in information when a parent requests it. The FTC has stipulated that parents may delete certain information but may not otherwise alter it.

Any Web site that collects information from children under the age of 13 has to abide by COPPA. The Act affects many popular sites like,,, and other social networking sites.

COPPA should not be confused with COPA, the Child Online Protection Act, which was relevant to the exposure of children to online pornography. COPA was ruled to be unconstitutional and was placed under injunction.

This was last updated in May 2010

Continue Reading About COPPA (Children's Online Privacy Protection Act )

Dig Deeper on Industry-specific requirements for compliance