Skip to main content
NOPE
In Effect Law Child Protection High Relevance

COPPA

Children's Online Privacy Protection Act (COPPA) + FTC COPPA Rule (16 CFR Part 312)

Baseline US children's data privacy regime. Applies to operators of websites/online services directed to children under 13, and to general-audience services with actual knowledge they collect personal info from under-13 users.

Jurisdiction

United States

US

Enacted

Oct 21, 1998

Effective

Apr 21, 2000

Enforcement

Federal Trade Commission (FTC) + State Attorneys General

Who Must Comply

This law applies to:

  • Operators of child-directed websites/online services
  • Operators with actual knowledge they collect personal info from children under 13
  • Ad networks / plug-ins collecting from child-directed properties

Applicability thresholds:

Under 13 years old

Parental consent required for data collection

Who bears obligations:

Operator

Safety Provisions

  • Provide clear/complete privacy notices for children's data practices
  • Obtain verifiable parental consent before collecting/using/disclosing personal information from children under 13
  • Give parents access/choice rights (review, delete, refuse further collection)
  • Data minimization: cannot condition participation on more data than reasonably necessary
  • Maintain reasonable security procedures for children's personal information
  • Retention limits: keep children's data only as long as reasonably necessary, then delete securely
  • Cannot disclose children's data to third parties without parental consent

Compliance Timeline

Apr 21, 2000

Initial COPPA Rule becomes effective

Jul 1, 2013

2013 amendments effective (expanded definitions, new parental consent requirements)

Jun 23, 2025

2025 amendments effective

Oct 22, 2025

Safe Harbor programs compliance deadline

Apr 22, 2026

Full operator compliance deadline for 2025 amendments

Enforcement

Enforced by

Federal Trade Commission (FTC) + State Attorneys General

Penalties

$53K/violation

Per violation: $53,088

Civil penalties up to $53,088 per violation (2025 inflation-adjusted); injunctive relief.

Quick Facts

Binding
Yes
Mental Health Focus
Yes
Child Safety Focus
Yes
Algorithmic Scope
Yes

Why It Matters

If your product can plausibly attract under-13 users (games, companions, character chat, social features), COPPA is the US "tripwire" that forces consent + minimization. FTC actively enforcing against AI companies.

Recent Developments

FTC issued final COPPA Rule amendments January 2025; effective June 23, 2025; full compliance deadline April 22, 2026. Expands "personal information" definition, strengthens consent requirements, limits data retention.

What You Need to Comply

You need: age-screening strategy (or strict "no-collection-from-kids" guardrails), verifiable parental consent flow, parental rights workflows (access/delete), data minimization + retention deletion, and vendor/SDK controls to prevent silent third-party collection.

NOPE can help

Cite This

APA

United States. (1998). Children's Online Privacy Protection Act (COPPA) + FTC COPPA Rule (16 CFR Part 312). Retrieved from https://nope.net/regs/us-coppa

BibTeX

@misc{us_coppa,
  title = {Children's Online Privacy Protection Act (COPPA) + FTC COPPA Rule (16 CFR Part 312)},
  author = {United States},
  year = {1998},
  url = {https://nope.net/regs/us-coppa}
}

Related Regulations

Pending US Child Protection

COPPA 2.0

Would expand COPPA-style protections to teens (13-16) and add stronger constraints including limits on targeted advertising to minors. Often paired politically with KOSA.

Pending US Child Protection

KOSA

Would establish duty of care for platforms regarding minor safety. Passed full Senate 91-3 in July 2024; passed Senate Commerce Committee multiple times (2022, 2023). Not yet enacted.

Enacted US-VT Child Protection

VT AADC

Vermont design code structured to be more litigation-resistant: focuses on data processing harms rather than content-based restrictions. AG rulemaking authority begins July 2025.

In Effect FR Online Safety

FR SREN

France's 2024 "digital space" law strengthening national digital regulation and enforcement levers via ARCOM across platform safety and integrity issues.

In Effect UK Online Safety

UK OSA

One of the most comprehensive platform content moderation regimes globally. Creates specific duties around suicide, self-harm, and eating disorder content for children with 'highly effective' age assurance requirements.

In Effect EU Online Safety

AVMSD

EU directive setting baseline safety and minor-protection duties for audiovisual media services and video-sharing platform services, including measures to protect minors from harmful content.

Back to all regulations Check if this applies to you