What is COPPA?

Everything you need to know about the Children’s Online Privacy Protection Act and keeping your app COPPA-compliant.

Glossary What is COPPA?

The definition of COPPA

The Children’s Online Privacy Protection Act (COPPA) is a U.S. federal law stating that websites, online services, apps, and internet of things (IoT) devices must protect the personal information of children under the age of 13. Owners of these websites and online services must adhere to the requirements listed within COPPA’s Children’s Online Privacy Protection Rule, or COPPA Rule.

Does my company need to comply with COPPA?

Having come into effect in 2000, the COPPA Rule has been updated multiple times over the years by the Federal Trade Commission (FTC), and the definition of “website or online services” has expanded to include recent technologies like those listed below.

COPPA defines “website or online services” as:

  • Mobile apps that send or receive information online
  • Internet-enabled gaming platforms
  • Advertising networks
  • Plug-ins
  • Voice-over internet protocol services
  • IoT devices and toys
  • Internet-enabled location-based services

Who needs to be COPPA compliant?

If you answer “yes” to any of the following, your app company likely needs to be COPPA-compliant:

  • Is your company based in the U.S.?
  • Are your app’s users based in the U.S.?
  • Is your app targeted toward children?
  • Is your app likely to appeal to children?

For further details, check out the FTC’s Complying with COPPA: Frequently asked questions.

COPPA compliance checklist

Curious about how to be COPPA compliant? Prepare your app business with this COPPA compliance checklist. Don’t collect any data from minors without checking off these five steps.

1. Publish a COPPA-compliant privacy policy

Your privacy policy should be easy for users to find within your app and website. It should clarify your company’s policies and reveal how your business and any third-parties you’re working with collect personal information, particularly when it comes to minors.

A COPPA-compliant privacy policy must contain:

1. A complete list of all operations gathering personal information.

2. An explanation of the collected personal information and how it’s used.

3. A description of parental rights.

2. Notify parents

COPPA dictates that digital services collecting information from children must directly notify parents of their information practices before any data is collected. If your company makes any updates that alter these practices, you must again inform parents regarding these updates.

Note that there are a few exceptions to COPPA’s Verifiable Parental Consent Requirements as listed on the FTC’s website.

3. Get Parent’s Verifiable Consent

Before your company collects, uses, or discloses a child’s personal information, you must get their Parents’ Verifiable Consent. COPPA recommends six different techniques to ensure that the consent you obtain is that of the child’s parent. The technique you utilize is entirely up to you.

4. Honor parent’s data requests

To be COPPA-compliant, your app business must be able to honor the requests of parents regarding their children’s data.

Parents can request the following about their child’s data:

  • A way to evaluate the data gathered on their child.
  • The option to withdraw consent and object to the use or further collection of their child’s personal data.
  • That their child’s data be erased.

5. Ensure data protection

Per the COPPA Rule, you must set up safeguards for protecting any personal data collected from minors. Make sure your security protocols preserve the integrity and confidentiality of the data you and your third-party partners access.

COPPA compliance checklist

Bonus: How to make push notifications COPPA-compliant

  1. Get Verifiable Parental Consent (VPC) before collecting a child’s personal information.
  2. Don’t combine a child’s personal information in the push notification. (E.g,. You can’t personalize a message with the child’s name.)
  3. Send the parent a “Direct notice”, most commonly via email, if push notifications have been enabled and provide them with a way to opt out.
  4. Note: Push notifications may not contain marketing messages about other products, but may only be relevant to the child’s in-app activities.

Adjust and COPPA compliance

As the leading MMP in privacy and security, Adjust provides app marketers and developers of kids’ apps with COPPA-compliant attribution. The Adjust SDK contains methods for kids’ apps that enhance user privacy and ensure your app is compliant with child data protection regulations. Feel free to read more about Adjust’s SDK COPPA compliance methods.

As you can read in our Privacy Policy, Adjust is a member of the Children’s Advertising Review Unit’s (CARU’s) Safe Harbor Program, meaning that CARU has reviewed all of our data collection, usage, and security practices and certified that our products and ad practices comply 100% with COPPA.

Additionally, all of Adjust’s products fully comply with GDPR and CCPA laws and we are certified by the International Organization for Standardization (ISO) 27001:2013. These certifications mean our clients worldwide can rest easy knowing that their data and that of their clients are completely protected.

So, ready to partner with the leading MMP in privacy to get accurate and fully COPPA-compliant insights on your app campaigns? Get your demo now!

Be the first to know. Subscribe for monthly app insights.

Keep reading