Member of International Association of Privacy Professionals

our Blogs

Insights and Innovations: Your Go-To Blog for Privacy Management, Website Development, Accessibility Solutions, Ethical Analytics, and More—featuring expert tips, industry trends, and practical solutions to scale your digital presence.

What’s Going on With the Children’s Online Privacy Protection Act (COPPA)?

In today’s digital-first world, children are growing up immersed in technology, from educational apps to gaming platforms and social media. While these digital tools offer opportunities for learning and connection, they also bring serious concerns about how young users’ personal data is collected and used.

That’s where the Children’s Online Privacy Protection Act (COPPA) comes in. Enacted back in 1998, COPPA was groundbreaking at the time, but as technology has rapidly evolved, so too has the urgency to update this legislation.

So, what’s happening with COPPA now? What do organisations need to know to stay compliant and build trust with families?

Let’s take a closer look.

A Quick Refresher: What Is COPPA?

COPPA is a U.S. law designed to protect the privacy of children under 13. It places specific requirements on websites, apps, and online services that are either directed at children or knowingly collect data from them.

Key responsibilities under COPPA include:

  • Providing clear privacy policies
  • Obtaining verifiable parental consent before collecting a child’s data
  • Allowing parents to view, delete, or manage their child’s information
  • Ensuring proper safeguards are in place to protect that data

The law covers personal information like names, email addresses, phone numbers, IP addresses, geo-location data, and more.

Violations can result in significant penalties, something big tech companies like YouTube and TikTok have already experienced firsthand.

Why Is COPPA Being Reviewed?

Since COPPA was passed over two decades ago, the internet has changed in ways few could have predicted. Children now use a wide range of interactive platforms, not just websites, but mobile apps, smart devices, gaming systems, and AI-powered learning tools.

Some of the biggest concerns prompting a review include:

  • Increased screen time and digital exposure among children
  • Use of personalised algorithms that track behaviour
  • Blurred lines between adult and child-focused content
  • Growing influence of international privacy standards
  • Difficulty enforcing rules in modern tech ecosystems

As a result, lawmakers and privacy advocates have called for COPPA to be modernised to better reflect how today’s kids engage online.

What Might Change?

The FTC began formally reviewing COPPA in 2019, and while no final decisions have been announced, several key updates are being considered:

1. Raising the Age Limit

Some proposals suggest extending protections up to age 16 or even 18. This would better align with adolescent privacy needs, especially in light of algorithmic content targeting.

2. Clearer Rules on What Counts as ‘Directed to Children’

The current definition can be vague. Platforms often struggle to determine if they’re subject to COPPA, especially if their audience includes both kids and adults.

3. Stronger Consent and Age Verification Tools

The industry is calling for more effective and user-friendly ways to gain verifiable parental consent, without friction or privacy trade-offs.

4. Limits on Data Sharing and Behavioural Advertising

There’s a growing push to reduce or prohibit the use of children’s data for personalised advertising or third-party profiling altogether.

5. Data Minimisation Requirements

Future updates may force platforms to collect only the bare minimum data needed, and ensure it’s used solely for what was originally intended.

Other Related Legislation: The Kids Online Safety Act (KOSA)

In parallel to COPPA reform, the Kids Online Safety Act (KOSA) is also gaining traction. While COPPA focuses on data privacy, KOSA aims to tackle online harms, like exposure to harmful content, addictive design features, and algorithmic risks.

If passed, KOSA would require platforms to:

  • Conduct annual risk assessments
  • Offer stronger parental controls
  • Increase algorithm transparency

Together, these laws reflect a broader shift toward putting child safety front and centre in tech policy.

Global Shifts in Child Privacy Regulation

The U.S. isn’t alone. The UK’s Age-Appropriate Design Code, launched in 2021, requires online services to default to high privacy settings for under-18s and discourages nudging children to weaken privacy protections. The EU’s GDPR-K provisions offer similar protections.

This global wave of regulation means businesses that operate internationally, or hope to grow, must stay ahead of evolving standards, not just local ones.

What This Means for Your Organisation

If your business develops apps, runs online services, or provides digital content that might be used by children or teenagers, it’s time to take a proactive look at your privacy. practices.

Start by asking:

  • Do we know whether children are using our platform?
  • Is our privacy policy easy to understand, especially for parents?
  • Are we collecting more data than we need?
  • Have we reviewed our third-party tracking tools or ad networks?
  • Are we compliant with both COPPA and international standards?

This isn’t just about ticking legal boxes. It’s about building trust with families and users in an era where data ethics and transparency matter more than ever.

How Green Arrow Consulting Can Help

At Green Arrow Consulting, we know that navigating data privacy laws, especially when they involve children, can feel overwhelming. Whether you’re a startup developing a new educational app or a well-established company updating your compliance policies, we’re here to guide you through the process.

Here’s how we support our clients:

Privacy Policy Review & Customisation

We help ensure your policies are up-to-date, easy to understand, and legally compliant, with special attention to age-specific requirements.

Risk Assessments & Readiness Audits

We conduct audits to identify where you may be at risk of non-compliance and offer a clear roadmap to fix gaps.

Consent Management Solutions

Need a better way to obtain and manage parental consent? We help you implement systems that are both effective and user-friendly.

Training for Your Team

From developers to marketers, we offer tailored training on privacy best practices so your whole team is on the same page.

Global Compliance Strategy

For businesses looking beyond U.S. borders, we ensure your privacy policies align with international standards like the GDPR and the UK Children’s Code.

Staying compliant shouldn’t be about fear; it should be about building safer, more responsible digital experiences, and with the right support, it doesn’t have to be. complicated.

Final Thoughts

As children spend more of their lives online, protecting their privacy isn’t just a legal responsibility; it’s a moral one. The reform of COPPA and the rise of complementary laws like KOSA mark a turning point in how we think about kids and technology.

Now is the time to stay informed, make thoughtful adjustments, and commit to creating safer digital spaces.

If you’d like a trusted partner to help you get there, Green Arrow Consulting is ready when you are.

Recent Posts

Categories

Scroll to Top