Children's Online Privacy Protection Act of 1998 (COPPA)

Last Updated: December 30, 2012

Definition - What does Children's Online Privacy Protection Act of 1998 (COPPA) mean?

The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that prohibits websites from knowingly collecting and maintaining the online information and privacy of children under the age of 13. COPPA gives parents control of information collected from their children online. The law was enacted on October 21, 1998 and became effective April 21, 2000. COPPA violations are subject to civil penalties (up to $11,000 for each violation).

On December 19, 2012, the FTC introduced changes and updates to COPPA in the wake of the December 14 shootings at Sandy Hook Elementary School in Newtown, Connecticut.

Free White Paper: "AI in the Insurance Industry: 26 Real-World Use Cases" | Discover what the future of insurance holds and how AI innovation can be used to hit the mark even more precisely.

Techopedia explains Children's Online Privacy Protection Act of 1998 (COPPA)

Historically, COPPA defined the Internet of 1998, which did not include current information collection practices and technologies, such as Web advertising, mobile Web, geolocation and photos/images. The FTC's revisions will affect the way that children use smartphones and applications (apps).

COPPA applies to any online collected data about children, including a child's name, address, phone number and email address, and covers other types of data tied to a child's personal information, like interests, hobbies or data derived from cookies or other tracking mechanisms.

The Federal Trade Commission (FTC) enforces oversight and compliance of the COPPA law and rule, which applies to the following:

Commercial websites or online services geared toward children under 13 that collect personal information from children. The FTC considers factors like audio/visual content, subject matter, advertising, site model age and language.
Websites or online services geared toward a general audience with knowledge of the collection of personal information from children. The FTC considers the website owner, who pays for data collection and maintenance, preexisting contractual relationships connected with the data and information and the role of a website in information collection.

Per COPPA, websites that fall under either category must do the following:

Post a website privacy policy describing its practices related to the collection of the personal information of children
Allow parents to secure parental permission before data is collected
Allow parents to choose to consent to the website's collection and use of children's information. However, this data may not be disclosed to third parties.
Allow parents to access their child’s personal data for review and/or information deletion
Allow parents to prevent continued online collection or use of personal information
Maintain the security, integrity and confidentiality of information collected from children