The Children's Online Privacy Protection Act imposes requirements on operators of commercial websites and online services directed to children under 13, or that have actual knowledge they are collecting personal information from children under 13.
COPPA requires operators to post a clear and comprehensive privacy policy, provide direct notice to parents, obtain verifiable parental consent before collecting personal information from children, give parents the choice to consent to collection without consenting to disclosure to third parties, provide parents access to their child's information, give parents the ability to prevent further use or collection, and maintain the confidentiality, security, and integrity of collected information.
The FTC has actively enforced COPPA with significant penalties. Notable enforcement actions include a $170 million fine against YouTube/Google (2019), a $275 million fine against Fortnite maker Epic Games (2022), and ongoing investigations into social media platforms' compliance with children's privacy requirements. The FTC has proposed updates to COPPA rules to address modern data practices including targeted advertising to children.
ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology
Showing 30 of 1058 provisions. View all →
Get alerted when platforms change their policies — including COPPA-relevant provisions.
Subscribe to Monitor — $19/moConductAtlas tracks COPPA-relevant provisions across 43 platforms. Each platform's specific provisions are classified by severity and mapped to COPPA requirements.
ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect COPPA obligations. Every change is archived with cryptographic verification.