The Children's Online Privacy Protection Act (COPPA)


PRIVO is a long-standing FTC certified COPPA Safe Harbor. Learn more about the Children's Online Privacy Protection Act (COPPA) and how parents are given the right to protect their children's information online.

What is COPPA?

The Children's Online Privacy Protection Act, known as COPPA, was enacted by the United States Congress in 1998, and became effective on April 21, 2000. COPPA required the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. In addition, COPPA gives states and certain federal agencies authority to enforce compliance with respect to entities over which they have jurisdiction.


searchAsset 1@4x

COPPA places certain requirements on operators of websites or online services (apps, games online, connected toys, learning platforms, etc.) that are directed to children under 13 years of age or that have actual knowledge that they are collecting personal information online from a child under 13 years of age.


computerAsset 2@4x

COPPA requires operators to notify parents of their information practices; obtain verifiable parental consent; collect the least amount of data possible; and maintain reasonable procedures to protect the confidentiality, security, and integrity of children’s personal information.

The primary goal of COPPA is to place parents in control over what information is collected from their young children under the age of 13 online and to protect them while accounting for the dynamic nature of the Internet.


cashAsset 3@4x

COPPA provides the FTC with civil penalty authority to encourage compliance with the COPPA Rule. The FTC has taken law enforcement actions against companies that failed to comply with the provisions of the law. A court can hold operators who violate the Rule liable for civil penalties of up to $50,120 per violation. 

Want to learn more about COPPA? Read the full Rule from the FTC or check out our What is COPPA? blog.

How do I determine if my online property triggers COPPA?

coppachecklistAsset 4@4x

Do you...

  • Collect personal info from children under 13 (first name, last name, email, phone, username, password, age, gender, city, state, hobbies, etc.)?
  • Facilitate the ability to upload pictures, video or audio?
  • Provide wish list, sharing and/or “tell a friend” features?
  • Use behavioral or contextual marketing?
  • Share information with third parties or ad networks?
  • Enable connected smart toy or device 
  • Provide Facebook login or other open ID authentication services?
  • Chat and/or messaging board functions?
  • Newsletter and/or push notifications?
  • Attract children even though they are not your target audience?


If you can say YES to any of the above, then reach out to one of our experts.

Contact Us

How do I comply with COPPA?

COPPA requires that online services and operators adhere to specific guidelines regarding the collection and handling of personal information (PI). Here are some tips on how to comply:

  • Understand how to define and handle your audience under COPPA.
  • Make sure you post a clear privacy policy and it is up to date.
  • Understand what constitutes personal information.
  • Notify parents and get their verifiable parental consent before collecting, using, or disclosing a child’s personal information, unless the collection fits into one of the Rule’s exceptions.
  • Understand the different levels of parental consent depending on what is collected.
  • Take reasonable measures to ensure that service providers and third parties you use have reasonable procedures in place to protect confidentiality, security and integrity of personal information.
  • Do not retain personal information longer than reasonably necessary for purpose for which it was collected.
  • Take reasonable measures to avoid loss or exposure of personal information when deleting it from your records.
  • Provide parents access to review, request deletion of and withdraw consent for collection of personal information from their child.

For more information, read our Top Five COPPA Tips blog.

COPPA Safe Harbors

What is a COPPA Safe Harbor?

The FTC’s COPPA Rule includes a “safe harbor” provision that allows industry groups and others to seek Commission approval of self-regulatory guidelines that implement “the same or greater protections for children” as those contained in the COPPA Rule.

Companies and organizations that participate in an FTC-approved safe harbor program will, in most circumstances, be subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement.

Safe harbor programs must demonstrate that they meet certain performance standards, as outlined in Section 312.11 of the Rule.

PRIVO’s COPPA Safe Harbor Certification Program

PRIVO is approved by the FTC as an authorized Safe Harbor under the COPPA. Program members agree to submit to PRIVO’s oversight and consumer dispute resolution process. Members must meet definitive standards to assure that they are fully compliant with COPPA, offering a comprehensive service that includes auditing a digital property as it relates to children's privacy, parental notice and consent, and best practices for safer online communities. In addition to yearly audits and quarterly reviews, PRIVO conducts monitoring and consulting on a regular basis. Such standards must be strictly adhered to in order to ensure safe and responsible online interaction between online properties and children under the age of 13.

Learn more about our COPPA Safe Harbor program.

Here’s a few of our

Certified Members

Go to the my.PRIVO directory to see more

Sign up to receive the PRIVO newsletter

Contact Us