Bureau Home / Consumer Tips and Information / Computers and Internet or Identity Theft / Child Online Privacy
This content is also available as a downloadable
fact sheet PDF.
Acceda a esta página en español.
As a parent, you have control of the personal information companies collect online from your children under the age of 13. The Children’s Online Privacy Protection Act (COPPA) gives you tools to do that. The Federal Trade Commission enforces COPPA (15 USC §§ 6501-6506). If a site or service is covered by COPPA, it must obtain your consent before collection personal information from your child and it has to honor your choices about how that information is used.
What is COPPA (15 USC §§ 6501-6506)?
The COPPA Rule was put in place to protect children’s personal information on websites and online services – including apps – that are directed to children under the age of 13. The Rule also applies to a general audience site that knows it is collecting personal information from children that age. COPPA requires those sites and services to notify parents directly and get their approval before they collect, use, or disclose a child’s personal information.
Personal information in the world of COPPA includes a child’s name, address, phone number or email address; geolocation information, photos, videos and audio recordings of the child, and persistent identifies like IP addresses and mobile device ID’s, that can be used to track a child’s activities over time across different websites and online services.
Does COPPA affect the sites and services my children use?
If the site or service does not collect your child’s personal information, COPPA is not a factor. COPPA kicks in only when sites covered by the Rule collect certain personal information from your children. Practically speaking, COPPA puts you in charge of your child’s personal information.
How does COPPA work?
COPPA works like this: Your child wants to use features on a site or download an app that collects their personal information. Before they can, you should get a plain language notice about what information the site will collect, how it will use it, and how you can provide your consent.
The notice should link to a privacy policy that is also plain to read – and in language that is easy to understand. The privacy policy must give the details about the kind of information the site collects, and what it might do with the information – say, if it plans to use the information to target advertising to a child or give or sell the information to other companies.
In addition, the policy should state that those other companies have agreed to keep the information safe and confidential, and how to contact someone who can answer your questions. The notice also should have directions on how to give your consent. Sites and services have some flexibility in how to do that. Some may ask to send back a permission letter. Others may have a toll-free number you may call. If you agree to let the site or service collect personal information from your child, they have a legal obligation to keep it secure.
What are my choices?
The first choice is whether you are comfortable with the site’s information practices. Start by reading how the company plans to use your child’s information.
Then, it is about how much consent you want to give. You might give the company permission to collect your child’s personal information, but not allow it to share that information with others. Once you give a site or service permission to collect personal information from your child, you are still in control.
As the parent, you have the right to review the information collected about your child. If you ask to see the information, keep in mind website operators need to make sure you are the parent before providing you access. You also have the right to retract your consent any time, and to have any information collected about your child deleted.