COPPA — Children's Online Privacy Protection Act

Overview

The Children's Online Privacy Protection Act imposes requirements on operators of commercial websites and online services directed to children under 13, or that have actual knowledge they are collecting personal information from children under 13.

COPPA requires operators to post a clear and comprehensive privacy policy, provide direct notice to parents, obtain verifiable parental consent before collecting personal information from children, give parents the choice to consent to collection without consenting to disclosure to third parties, provide parents access to their child's information, give parents the ability to prevent further use or collection, and maintain the confidentiality, security, and integrity of collected information.

The FTC has actively enforced COPPA with significant penalties. Notable enforcement actions include a $170 million fine against YouTube/Google (2019), a $275 million fine against Fortnite maker Epic Games (2022), and ongoing investigations into social media platforms' compliance with children's privacy requirements. The FTC has proposed updates to COPPA rules to address modern data practices including targeted advertising to children.

Penalties

Civil penalties up to $50,120 per violation (adjusted for inflation). No cap on aggregate penalties. Recent FTC enforcement: YouTube/Google $170M (2019), Epic Games $275M (2022).

Key Articles & Sections

§ 6502 Regulation of Unfair and Deceptive Acts

Core prohibition: unlawful to collect, use, or disclose personal information from children without verifiable parental consent.
Read full text →
§ 6501 Definitions

Defines "child" (under 13), "operator," "personal information" (name, address, email, phone, SSN, screen name, cookies/persistent identifiers when linked to individually identifiable information).
Read full text →
§ 6502(b) Notice and Consent Requirements

Operators must provide notice of information practices and obtain verifiable parental consent before collection. Parents must be able to refuse further collection.
Read full text →
16 CFR Part 312 COPPA Rule (FTC Implementation)

FTC implementing regulations specifying acceptable methods of parental consent, safe harbor programs, and detailed compliance requirements.
Read full text →

Platforms We Track Subject to COPPA

Activision

0 relevant provisions

Amazon

35 relevant provisions

Apple

35 relevant provisions

Audible

5 relevant provisions

BeReal

9 relevant provisions

Discord

0 relevant provisions

Disney+

0 relevant provisions

Duolingo

0 relevant provisions

EA

9 relevant provisions

Epic Games

10 relevant provisions

Google

25 relevant provisions

Hulu

2 relevant provisions

Khan Academy

0 relevant provisions

Kindle

0 relevant provisions

Max

0 relevant provisions

Messenger Kids

4 relevant provisions

Recent Changes Related to COPPA

Apr 20, 2026 Reddit Low

Reddit's privacy policy page was detected as changed on April 20, 2026, but the actual difference is limited to an internal JavaScript challenge token used for bot verification — not any substantive …
View change record →
Apr 19, 2026 Minecraft Low

Minecraft updated their Usage Guidelines on April 19, 2026, making two small formatting and footer changes. In the legal agreements section, hyperlinks were added around the names of key policy docum…
View change record →
Apr 19, 2026 Minecraft Low

Minecraft made minor edits to three sentences in their End User License Agreement on April 19, 2026. The changes removed the word 'here' as a hyperlink anchor from sentences about internet safety res…
View change record →
Apr 19, 2026 Minecraft Low

Minecraft updated their privacy policy footer on April 19, 2026, adding a 'Consumer Health Privacy' link and a 'Your Privacy Choices' option alongside the existing privacy and cookies link. Before th…
View change record →
Apr 19, 2026 YouTube Low

YouTube updated its Terms of Service on April 19, 2026, making several adjustments including expanding the list of supported languages for the terms, changing age-related language from 'minor in your…
View change record →
Apr 19, 2026 Snapchat Low

On April 19, 2026, Snapchat updated their Privacy Policy by reorganizing and expanding the navigation and introductory sections of the document. The changes added links and descriptions for Community…
View change record →
Apr 19, 2026 Reddit Low

Reddit's privacy policy page was detected as changed on April 19, 2026, but the actual content captured is a bot-verification/challenge page rather than substantive policy text. The only difference b…
View change record →
Apr 19, 2026 Epic Games Low

Epic Games updated the contact email address for filing arbitration demands with NAM (National Arbitration and Mediation) in their Terms of Service on April 19, 2026. The old email listed was formatt…
View change record →
Apr 19, 2026 Epic Games Low

Epic Games updated their privacy policy on April 19, 2026 to consolidate and standardize the contact email addresses used for privacy-related requests. Previously, the policy listed various email add…
View change record →
Apr 19, 2026 Roblox Low

On April 19, 2026, Roblox updated the introduction and table of contents of their Privacy and Cookie Policy, replacing a simple header with a detailed navigational structure that outlines all major s…
View change record →

Official Source

View official regulation text →