COPPA (Children's Online Privacy Protection Act)
No data from kids without a parent's say-so — the 1998 law with real teeth, freshly sharpened by the FTC's 2025 rule update.
- Term
- COPPA (Children's Online Privacy Protection Act)
- Is
- Children's Online Privacy Protection Act
- Enacted
- 1998, FTC rule effective April 21, 2000
- Updated
- Amended rule effective June 23, 2025
Forms & parts of speech
Definition in plain terms
COPPA — the Children's Online Privacy Protection Act — is the US federal law governing the online collection of personal information from children under 13. Enacted by Congress in 1998, implemented through an FTC rule effective April 21, 2000, it requires operators of child-directed sites and services (and anyone with actual knowledge they are collecting from under-13s) to post clear privacy notices and obtain verifiable parental consent before collecting, using, or disclosing a child's personal information. It is one of the few US privacy laws with decades of aggressive enforcement behind it.
The mechanics
COPPA turns on two questions. Is the service directed to children, judged by subject matter, visuals, music, child celebrities, and audience evidence — or does the operator have actual knowledge a user is under 13? If either answer is yes, obligations attach: verifiable parental consent before collection (the FTC approves methods from signed forms to ID checks), notice of what is collected and why, parental rights to review and delete, data minimization, retention limits, and security. 'Personal information' is broad — it includes persistent identifiers like cookies and device IDs, which is why BEHAVIORAL TARGETING aimed at children without consent is a violation even with no name attached. Enforcement is real: the FTC's record includes a $170 million settlement with Google and YouTube in 2019 and a $275 million penalty against Epic Games' Fortnite in 2022. The rule was amended in 2013 to cover the mobile era, and again in 2025 — the FTC published final amendments on April 22, 2025, effective June 23, 2025 — adding, among other things, opt-in parental consent specifically for disclosing children's data to third parties for targeted advertising, stronger data-retention limits, and expanded security requirements. For marketers the bright line is simple: no behavioral advertising to known under-13 audiences without verified parental opt-in, and contextual advertising is the safe harbor child-directed media actually runs on.
When it matters
COPPA matters to anyone whose product, content, or ad placements touch children — game studios, ed-tech, toy brands, family YouTube channels, and any advertiser buying against child-directed inventory. It matters even to general-audience services once they gain actual knowledge of under-13 users, which is why age gates and data flows need designing together. The discipline is conservative by default. Treat child-directed inventory as contextual-only, keep persistent identifiers out of kid data flows, verify consent through an approved method before any collection, and revisit compliance against the 2025 rule's tightened consent and retention requirements. The fines are large, but the deeper cost is trust — marketing to children is the one arena where 'move fast' reliably ends in a consent decree. (General information, not legal advice.)
Synonyms & antonyms
Synonyms
Antonyms
Origin & history
Congress passed the Children's Online Privacy Protection Act in 1998 amid the first wave of websites quietly profiling children; the FTC's implementing rule took effect April 21, 2000. Major amendments arrived in 2013 (covering mobile, plugins, and persistent identifiers) and again in 2025, when final-rule changes effective June 23, 2025 tightened consent, retention, and third-party disclosure for the social-and-streaming era.
Etymology: source.
Usage trends
Search interest for this term over the last five years:
Common questions
- What is COPPA?
- The US federal law — enacted 1998, FTC rule effective April 21, 2000 — requiring verifiable parental consent before collecting personal information online from children under 13.
- What counts as personal information under COPPA?
- Far more than names — persistent identifiers like cookies and device IDs count, so behavioral ad targeting of children without parental consent violates the rule even when 'anonymous.'
- What changed in the 2025 COPPA update?
- FTC amendments effective June 23, 2025 added opt-in parental consent for disclosing children's data to third parties for targeted ads, tightened retention limits, and expanded security duties.
Related tools & calculators
- toolCAC calculator
- toolLTV:CAC calculator
Resources & people to follow
- referenceFTC — COPPA rule
- referenceFederal Register — 2025 COPPA amendments
- referenceRGM analysis — for child-directed audiences, contextual is the business model; behavioral requires verified parental opt-in
Curated, non-competitor resources verified per term.
Related training
- modulePerformance marketing
Disciplines
Areas of marketing where coppa is a core concern:
Sources
- trendsGoogle Trends — "coppa"