GUIDE · UPDATED 2026-07
Protecting children's data
COPPA limits how online services collect kids' data — what it covers, and how it interacts with brokers.
The Children's Online Privacy Protection Act (COPPA) sets federal rules for how websites and online services handle data from children under 13. Understanding what COPPA requires—and what it covers—helps you protect your child's information online.
What COPPA requires
COPPA, enforced by the FTC, requires websites and online services to get verifiable parental consent before collecting personal information from children under 13. Companies must also limit how they use and keep that data, and cannot use it for purposes beyond what parents agreed to. These rules apply to services that knowingly collect children's information or that target children as their primary audience.
What parents can do
Start by reviewing the privacy policy of any service your child uses—look for how they collect data, what they do with it, and how long they keep it. Many services allow you to request that your child's data be deleted; check the privacy page or contact the company directly. You have the right to review what information a service holds about your child and to request corrections.
When a service may violate COPPA
If you believe a website or app improperly collects data from your child without your consent, or uses information in ways that aren't covered by your agreement, you can report it to the FTC. Include details about what happened and when—the FTC uses these reports to investigate potential violations.
What COPPA doesn't cover
COPPA governs collection by covered services themselves, but it doesn't directly regulate the broader data-broker market. Your child's information may still be bought and sold by third parties even when a service complies with COPPA. Review deletion rights with each service, and stay aware of what your child shares online.