Logo
Media Centre

FTC Implements Major Revisions to Children’s Online Privacy Protection Rule

Kevin David Gampel Ariel Yosefi

20 January 2025

On 16 January 2025, the Federal Trade Commission (“FTC“) announced the finalization of a significant revision to the Children’s Online Privacy Protection Act’s (“COPPA“) Rule, placing stricter obligations on companies that collect, process and share personal information from children under the age of 13.

This revision aims to strengthen privacy protections for minors, provide parents more oversight of children’s data, and clamp down on the inappropriate commercial use of children’s personal information.

The COPPA Rule, which was last time revised in 2013, regulates the various requirements imposed by COPPA on online operators that target children, including, inter alia, to obtain verified parental consent before collecting or sharing children’s personal information. We set out below the key changes introduced now to the COPPA Rule.

 

Key Changes in the COPPA Rule

  1. Opt-In Consent for Targeted Advertising

The key revision to the Rule requires companies to obtain explicit parental opt-in consent before collecting, processing, sharing or monetizing children’s data for targeted advertising purposes. This new framework intends to empower parents with substantial control over their children’s data usage in advertising contexts.

  1. Limits on Data Retention

The amended Rule also introduces a requirement for companies to be stricter and more aware of their data retention periods, limiting the storage of children’s personal information. In this regard, companies would no longer be allowed to retain children’s data indefinitely, and are required to limit their data retention to only the duration necessary for fulfilling specific and lawful purposes. This shall ensure that children’s personal information is not stored longer than necessary and reduce the chances of such data being misused.

  1. Enhanced Transparency for Safe Harbor Programs

Additionally, the amendments provide enhanced transparency requirements for COPPA Safe Harbor programs, which serve as self-regulatory frameworks for corporate compliance. These programs must now maintain public membership directories and submit detailed reports to the FTC, ensuring enhanced accountability.

  1. Broader Definition of Personal Information

The amended COPPA Rule include a broader definition of “personal information” to include sensitive information such as biometric data (including fingerprints and facial recognition information) as well as government-issued identification.

 

Other Considerations and Future Steps

It is worth mentioning that the FTC has taken into considerations various additional proposals that were ultimately not incorporated into the final revision. This includes, inter alia, specific and stringent controls on push notifications directed at children. Nonetheless, we might expect in the future that the FTC amends the COPPA again, as it continuously expresses concern about how engagement tactics, like push notifications, might encourage kids to stay online too long, which could affect their mental well-being.

The comprehensive revisions to the Rule is scheduled for imminent publication in the federal register and following its publication, the amendments will become effective after a 60-day period, including a one-year window for companies to achieve full compliance with the new requirements.

 

Recent Enforcement Action

In a related and parallel development, the FTC announced a settlement with Singaporean game developers of Genshin Impact, Cognosphere Ltd. which agreed to a $20 million dollars settlement for marketing in-game features, such as loot boxes to children through social media posts and in-game banners, while collecting in violation of the COPPA children’s personal information without parental consent. As part of the settlement, the company will be required to delete any personal information collected from children under 13 whose parents have not consented.

This enforcement action emphasizes the focus and scrutiny of the FTC on children’s data protection.

Companies that collect or process children’s personal information in the United States should carefully assess their compliance with the updated COPPA rules and the implications for their data handling practices. Feel free to contact us if you have any questions regarding the revised COPPA regulations and its practical implications.

Related Practice Areas

Related Lawyers

More news

EDPB Adopted Opinion on Personal Data in Developing and Deploying AI Models
Herzog’s Comparative Guide on Key Rights in US States Privacy Laws – December 2024
The UK Online Safety Act – Ofcom Releases First Set of Regulatory Guidelines
JOIN OUR
Newsletter

    © 2020, All rights reserved, Herzog Law
    Site by Gootte

    The information contained in this web site is provided for informational purposes only and should not be construed as legal advice on any subject matter and should not be relied upon as such. Herzog accepts no responsibility for any consequences whatsoever arising from use of the information contained in this web site. The accessing of information contained in this web site shall under no circumstances be considered as creating an attorney-client relationship between Herzog and any party accessing this web site. Contacting through email any lawyer named in this web site or sending information without prior agreement of Herzog shall not be construed as automatically creating an attorney-client relationship between Herzog and the party sending an email or information. The material contained in this web site has been created by and remains the property of Herzog. No reproduction, transmission, publication or any other form of dissemination shall be permitted unless the prior written consent of Herzog has been obtained. This web site may contain links to other web sites operated by third parties. Herzog does not sponsor, approve or endorse the content of any such web site and is not responsible for the materials appearing in such sites.

    Search by
    Search by +

    Search