Everything You Need To Know About COPPA

Graphic of people shaking hands with text 'Confidential Domain Name Brokers'.  | VPN.com

Staff Writer @ VPN.com

Last Updated:

In today’s world of digital stuff, it is super important to keep kids safe online. The Children’s Online Privacy Protection Act (COPPA) is like the savior here. It started in 1998 and makes sure that the personal information of kids under 13 is safe from bad online things and sneaky marketing tricks.

This law says that any websites or online places need a real thumbs-up from parents before they grab any information from kids. Following COPPA is a big deal for online businesses. If they don’t then they can get in big trouble with the Federal Trade Commission and face heavy penalties.

Sticking to the COPPA rules will not only make sure our younger people are extra safe but also builds a better digital world for everyone. So keep reading to find out about COPPA.

What Is The Children’s Online Privacy Protection Rule?

What Is The Children’s Online Privacy Protection Rule COPPA

In 1998, Congress made the Children’s Online Privacy Protection Act (COPPA) a thing. They told the Federal Trade Commission to make rules about how kids’ online privacy should work and the first set of rules started on April 21, 2000. Later, on January 17, 2013, they updated the rules and these new ones came in on July 1, 2013.

COPPA’s main job is to give parents the say-so on what information gets picked up from their little ones online. The idea is to keep kids under 13 safe on the ever changing internet. This rule covers businesses running websites and online services like mobile apps and smart toys, that are meant for kids under 13. It also includes general websites or services that know they are grabbing information from kids, even if it is through another site.

Here is what the rule says these operators must do:

  • Tell everyone what they do with personal information in a clear online privacy policy, especially when it comes from kids.
  • Let parents know directly and get the green light from them before gathering personal info online from their kids. There are a few exceptions, though.
  • Give parents the choice to agree to the operator using their kid’s information but not sharing it with others (unless it is necessary for the site or service and they make that clear to parents).
  • Allow parents to check out and even delete their child’s personal info.
  • Give parents the chance to stop more use or collection of their child’s personal info online.
  • Keep the info they get from kids safe and secret, only sharing it with folks who can keep it secure.
  • Hold onto personal info from a child only as long as needed and make sure to delete it securely when it’s not needed anymore.
  • Not make a kid give more info than really needed for the online activity they are into.

It is all about making sure kids stay safe and their online adventures are as secure as possible.

What Are COPPA Requirements For Websites?

What Are COPPA Requirements For Websites

When the Children’s Online Privacy Protection Act (COPPA) first came into play in 1998, the internet was a whole different ball game. Back then, Facebook and Twitter were just starting out and most people used the internet for research or staying in touch with friends and family. COPPA showed up because more and more kids were hopping online and it said that websites collecting info from kids under 13 needed a thumbs up from parents first.

Besides getting a nod from parents, COPPA also said that these websites had to spill the beans in a privacy policy. This policy had to spell out what info was getting picked up and how it would be used. Why? So parents could know exactly what was going on with their kids’ information and decide if they were cool with a certain website.

This law is a big deal for keeping kids’ online stuff private and all parents should know about it. If you are scratching your head about this privacy protection act or worried about your kid’s online privacy then you can buzz the Federal Trade Commission at 1-877-FTC-HELP. They have got your back.

What Is Considered “Personal Information” Under COPPA?

As per the Children’s Online Privacy Protection Act (COPPA), “personal information” covers specific details that can ID an individual, like their full name, home or other physical address, email, and contact number. It also throws in sensitive stuff like social security numbers or other government issued ID codes.

COPPA doesn’t stop there, it brings persistent identifiers into the mix. These include things like cookies or IP addresses, considered personal information because they can be used to recognize users and track what they do online over time. But not everything gets the personal information label under COPPA.

Take for example, anonymized data, general demographic info, and certain user created content. COPPA might not see them as personal information, especially if they don’t have identifiable details or can’t be easily linked back to a specific person.

What Are COPPA Requirements?

What Are COPPA Requirements

Understanding and following the rules of COPPA is super important for people running websites and online services for kids under 13. To play by the book, these operators have to get a real thumbs up from parents before snagging any personal info from the kids.

On top of that, they have got to lay it all out in a privacy policy, making crystal clear how they use and share info gathered from the little ones. It is a must to tell parents about their rights when it comes to their kid’s personal info. And operators should make it easy for parents to check out and delete their kid’s info whenever they feel like it.

Keeping the information under wraps, safe, and sound is a big deal, so tight security measures are a must. Another key thing is to ask parents nicely before passing on their kid’s information to others.

To stick to COPPA, operators can try out different tactics like using two-factor authentication to be extra sure about parental consent. They can also lock things down with secure encryption methods for storing and moving data. Following these rules not only keeps kids’ information safe but also builds trust with the users and helps dodge any legal headaches down the road.

Getting Verified Parental Consent

Getting the green light from parents is a big deal when you are getting personal information from kids under 13. This step is super important to make sure parents are cool with their child’s data being collected, keeping that privacy and security game strong.

To pull this off, businesses and groups can use different ways that are totally okay. One way is through email confirmation; parents get a heads up email and can hit a button to say, “Yes, I am good with this.” Another method is credit card verification where the parent tosses in their credit card details to prove it is really them.

If you want a smooth ride in getting consent then the trick is to keep those forms simple and clear. Make it easy for parents to say, “Sure, go ahead.” Doing things in a secure and reliable way is the cherry on top.

By sticking to these tips, businesses and groups can gather information from kids with confidence while giving props to parents for keeping their little ones safe and sound online.

Posting A Clear And Comprehensive Privacy Policy

Putting up a crystal clear and thorough privacy policy isn’t just a legal must do for websites and apps for grabbing personal information. But it is also a big deal in building trust with users.

Parents, especially, want the lowdown on how their kid’s information is being scooped up, used, and shared, when it comes to following the Children’s Online Privacy Protection Act (COPPA).

A privacy policy that plays by COPPA’s rules should be super clear. It needs to spill the beans on the other services which are collecting, handling, and sharing data. And it should lay out how parents can peek at, check out, and erase their kid’s information, giving them the reins on their child’s online world.

To make these policies user friendly, it is key to skip the legal lingo and go for easy language that everyone can get. Writing in clear headings and subtitles makes it a breeze for parents to find what they are after. And of course sticking an easy go to link to the policy on the website or app keeps things transparent.

In the end, a well crafted privacy policy isn’t just about following the rules – it is the glue that builds trust between users and the groups behind the website or app. It creates a safe and secure digital space for kids to explore.

Providing Notice To Parents

In compliance with COPPA regulations, it is very important for a corporation to provide “direct notice” to guardians before gathering data from youngsters below the age of 13.

This will help in refraining from acquiring information from minors until parental sanction is granted for both the collection and utilization of such data.

Under specific circumstances, COPPA does permit the collection of a highly restricted set of personal details without the necessity of furnishing direct notice to parents. However, it is important to note that information gathered under these exceptions is strictly prohibited from being used by external entities.

Outlined within COPPA’s Six-Step Compliance Plan are the following scenarios:

  • Acquiring verifiable parental consent.
  • Issuing voluntary notification to a parent regarding their child’s engagement on a platform or service that refrains from collecting personal information.
  • Directly addressing a singular or specific request from a child (e.g., participation in a competition).
  • Protecting the security or integrity of your website or mobile application.
  • Facilitating internal operations.
  • Ensuring the well-being of a minor.

Allow Parents To Limit Information

Allow Parents To Limit Information for COPPA

As far as we think, kids’ information; how it should be used – should be the right of parents. It is not a decision that online services or websites can take. So, whenever they are asking consent from the parents they should make sure that parents have the option to disagree. They should have the right to delete any information that seems a threat to their kids safety. There should be an option where parents can review and analyze if their children’s information is protected and not misused. 

Companies might offer various methods to comply with these requirements so that parents can easily access information such as:

  • Online Account Management Tools
  • Email Requests 

Both methods are great if you want to access your kids’ information. However, if you are looking for enhanced security then parents can ask for:

  • Strong Authentication Protocols
  • User Friendly Navigation

These tools will make sure to provide parents with access that they can review, analyze, and delete their children’s information. This way they will know that their kids’ information is not compromised.

Maintaining The Confidentiality, Security and Integrity Of The Information

We all are working for the children’s safety, right? This is why it is important for websites and online businesses to maintain the confidentiality, security, and integrity of the information. They should ensure that the information is correctly used and they have a strong and secure server that can’t be attacked easily.

They can use various data protection practices; encryption and access control to make sure that no third party tries to enter and the data is secured. Any company that is also aligned with third parties and sharing the data should ensure that the third parties are reliable too. They should make sure that third parties have the same security and privacy rules as theirs. Because it will make sure information is in the right hands.

These methods will reduce the risk of data breaches and maximize the protection of your children’s information.

Obtain Consent Before Sharing With Third Parties

We know that you might have worked a lot on your privacy and security to protect kids information but do you trust the third parties? And for instance if you do, do you think parents might trust third parties with their kids’ information? So before taking a risk like that COPPA has made sure that you should get parents consent before handling any information to third parties.

It has been stated in their rules that you should also enlist any third party that you ought to be sharing information with. This way you can protect your company too. Because no one would blame you if the information was to be leaked by third parties. Because it would be with the consent of everyone.

What Are The Exceptions For Parental Control?

What Are The Exceptions For Parental Control COPPA

If your company needs to follow COPPA and you can’t go for the “Email” method then here is a simple guide. It highlights situations where you might gather specific personal info without needing parental approval.

This guide also helps you figure out what information you can collect and how you can use it.

Remember: Stick to what is on the list. Don’t collect more than that and use the information only as described for the specific purpose.

Seeking Parental Consent

If you are reaching out to a parent for their approval to collect their child’s personal details then you are allowed to gather only the child’s and parent’s names along with their online contact info. Any additional information is a no go.

This gathered data is only for the purpose of seeking the parent’s consent. If there is no response from the parent within a reasonable timeframe then you must completely erase the records of the contact information.

Informing a Parent about a Child’s Site/App Usage with No Personal Info Collection

For this scenario, you are permitted to obtain the parent’s online contact information but you can only use it to convey that specific information. When communicating with the parent you should ensure that your message includes:

  • The reason you got their online contact information was to inform them about their child’s engagement on your site/app.
  • Clarify that your site/app doesn’t gather personal information.
  • Assure them that their email won’t be used for any other purpose.
  • Provide a link to your Privacy Policy.
  • Additionally, let the parent know they can reply to decline their child’s use of your site/app and request the deletion of the contact information.

Child’s One-Time Request

If a child contacts you for a single thing like entering a contest or asking a question then you are allowed to collect their online contact information, such as an email address.

Remember: You can only use this online contact information to respond to that specific request and you must delete it once the request is dealt with.

Multiple Requests by a Child

If a child wants to connect with you more than once like signing up for your monthly newsletter then you can gather both the child’s and parent’s online contact info but nothing beyond that.

You need to inform the parent about:

  • Collecting their online contact information to update them about their child’s multiple online communications.
  • Using the child’s online contact info for these communications.
  • Assuring that the child’s information won’t be used for anything else or shared with anyone else.
  • Giving the parent the option to stop the child from receiving the communications.
  • Include a link to your Privacy Policy.

Child’s Safety

In situations where a child’s safety might be in danger like a local abduction case involving a frequent visitor to a particular website. Then you may collect the child’s name, the parent’s name, and both their online contact info.

Inform the parent about:

  • Collecting this information to protect the child’s safety.
  • Ensuring the information won’t be used or disclosed for any other purpose.
  • Providing the parent the right to decline the use of the contact info and request deletion.
  • Include a link to your Privacy Policy.

Safeguarding Security, Integrity, and Liability

In situations where you must protect the security, and integrity, or handle legal matters, you can collect a child’s name and online contact information if it is legally mandated or necessary for security or liability reasons. 

Remember: You are only allowed to collect the name and contact info – nothing more.

Usage of this information is highly restricted. You can’t contact the person, create a profile, or use it for advertising purposes.

Internal Operations Assistance

For tasks like user authentication, content personalization, and legal compliance, you can gather a cookie number, IP address, or another persistent identifier from site visitors which includes children under 13 too.

This information is impersonal and only related to site or service visitation; irrespective of age. Strictly refrain from collecting any other info for these purposes and you can’t use this data to directly contact the child.

Misrepresentation of Age on Registration

This exception comes into play only if these three conditions are met:

  • Only a persistent identifier was gathered from the child; with no personal information like name or email address collected.
  • The child was genuinely using your site or service, prompting the collection of the persistent identifier.
  • In a previous age screening; the child claimed to be 13 or older.
  • In such cases, you can retain the collected persistent identifier but cannot gather additional personal info without parental consent.

There aren’t separate COPPA compliance rules for websites compared to mobile apps. All operators collecting data from kids under 13 must adhere to the same regulations mentioned above and deal with privacy features accordingly.

Although compliance is uniform, there are slight variations based on the platform you are on. Websites must follow COPPA just like mobile apps, even if the website is an online game for kids.


So now we know how important it is for us to comply with COPPA. It is for our own kids’ privacy. Parents should take it seriously because kids mostly don’t know what they are doing and can get themselves into problems. However, COPPA has been especially made for nothing like this to happen in future. So, if you follow the rules then you can make sure to protect your kids’ privacy.

We all know that these are the rules that should be mainly followed by the websites and internet services; parents only have to see if they are being followed. So, make sure not to disappoint your customers. However, there might be exceptions that we have stated above about parental control.If you still have any query then feel free to drop a message.

Customer Reviews for NordVPN: In-Depth Review, Tests, and Stats

IR Irina

Everything You Need To Know About COPPA
Connection issues with MLB.TV
So I had some connection issues on my iOS device (iPad) with MLB.TV streaming, and representative named Garfield SOLVED my unique problem that I had spent hours researching and tackling with no luck before today! Garfield was extremely patient, personable, and very knowledgeable. Through multiple approaches and problem-solving steps, he created a solutuon that worked. Way to go, and definitely a returning NordVPN customer here. Thank you, Garfield.
Date of Experience:
May, 2 2023
CH Christina

Everything You Need To Know About COPPA
Prompt customer service
My subscription automatically renewed and a payment was taken, which I didn’t want as I haven’t been using the service. I contacted the company and received a prompt and efficient response where my subscription was reversed and the payment was returned. If only every company was so easy to contact and communicate with!
Date of Experience:
May, 6 2023

Everything You Need To Know About COPPA
Great customer service
Had some problems with some qbitorrent files and could never find out myself. Looked online for hours which was honestly a waste of time, as I could of just went to NordVPN's customer service chatbox. This was surprising as I was stuck on this all night long but was stupid not to ask customer service but even then, they were able to quickly get me to an agent that could handle my issues. Khai was my agent and he was so nice and like so patient with me because this was all new to me. I did not know for the setup for qbitorrent and nordvpn that the input values for the service credentials isnt your username and password but rather a special key on your own personal dashboard. Khai was even nice and patient enough to explain some terminology for me which was super nice of him. Honestly although vpns can sound confusing, nordvpn knows this and hired/trained some pretty smart customer service members so if you have any issue or problems, just go to the chatbox. Super nice people and chill to talk to and very fast.
Date of Experience:
May, 4 2023