What’s COPPA?

Print anything with Printful



The Children’s Online Privacy Protection Act regulates the collection of personal information about children under 13 in the US. Companies must provide a privacy statement, obtain parental permission, and allow opt-outs. The FTC enforces the act, which only applies to websites with children’s audiences, including foreign sites targeting children in the US. Violations can result in fines.

Since April 2000, the Children’s Online Privacy Protection Act has been in effect in the United States to regulate and control the collection of personal information about people under the age of 13. The act covers the methods of collection, storage, use, and disclosure of personal information about children permitted by organizations and individuals within the jurisdiction of the United States. Under the Children’s Online Privacy Protection Act, companies found in violation can face hefty fines.

Businesses, organizations, and services are often eager to gather details about their consumers, looking for ways to improve products, increase sales, or otherwise gain an edge over competitors. The companies that deal with markets for children and preteens are no exception. Through techniques such as surveys, contests or club memberships, they may collect customers’ names and addresses, telephone numbers, email addresses and other personal details.

The Children’s Online Privacy Protection Act requires anyone collecting information about children to provide a detailed privacy statement. This policy must clearly outline what information is required, how the information will be used, who will have access, and whether the information will be shared with other individuals or organizations. Only relevant details should be collected, such as the minimum information required to participate in a contest, game or similar activity. A link to the privacy policy is required on any web page where details are requested. Verifiable parental permission is required before any information can be collected.

Organizations are required to inform children and parents if they intend to share information with third parties. You also need permission to share the details and parents or children can opt out if they wish. Organizations must also provide options to remove personal data from the database upon request and to opt out of future surveys, data collection, emails or promotions.

Oversight and enforcement of the Children’s Online Privacy Protection Act rests with the United States Federal Trade Commission (FTC). The act was designed to encourage self-regulation within the business community. This safe harbor provision allows groups to seek approval on self-regulatory guidelines and procedures. Violations of these guidelines would be addressed through the Safe Harbor organization. Only when these disciplinary actions fail would FTC enforcement be required.

Only websites with children’s audiences fall under the provisions of the Children’s Online Privacy Protection Act. Sites aimed directly at children and general websites that target children are affected, and the act does not apply to other sites. As a US law, the Children’s Online Privacy Protection Act is somewhat limited in its overall effectiveness, but the act applies to foreign websites that target children in the US




Protect your devices with Threat Protection by NordVPN


Skip to content