What is the COPPA Children's Online Privacy Protection Act?

The Children's Online Privacy Protection Act (COPPA) requires that operators of websites or online services directed to children under a certain age must provide notice on the site and obtain verifiable parental consent before collecting data.

Passed by Congress in 1998, and enacted in 2000, COPPA requires that the Federal Trade Commission (FTC) issue and enforce rules to protect the online collection and use of personal information from children under the age of 13. Its primary goal is to put parents more in control over what information is collected from their younger children online.

The rule applies to operators of commercial websites and online services, including mobile apps directed to this age group, that knowingly use or disclose personal information from children for general audience websites.

It includes the stipulations that operators must:

• Post a clear and comprehensive online privacy policy describing their practices for personal information collected online from children
• Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting person information online from children
• Give parents the choice of consenting to the operator's collection and internal use of this information by prohibiting them from disclosing it to third parties; provide parents the ability to view and delete their child's info, and; give parents the opportunity to prevent further use or online collection of their child's personal info
• Maintain the confidentiality, security and integrity of information they collect from children, including taking reasonable steps to release such information only to parties capable of also maintaining this confidentiality and security
• Retain personal information collected online from a child for only as long as necessary to fulfill the purpose for which it was collected, and delete the information using reasonable measures to protect against its unauthorized access or use