The Children’s Online Privacy Protection Act (COPPA) Rule was first enacted in 2000. However, the digital landscape has evolved dramatically since then, but the most recent rule change was over a decade ago. On January 16, 2025, the Federal Trade Commission (FTC) announced new amendments to the rule in an effort to continue to protect our most vulnerable population.

Let’s explore these updates, what they mean, and what parents need to keep in mind as they strive to protect their little ones’ digital presence.  

What is COPPA?

COPPA is a law in the United States that aims to protect the privacy of children under the age of 13 when they use the internet. Here’s a simple breakdown of what it does:

  1. Protecting Kids’ Personal Information: COPPA ensures that websites and online services cannot collect personal information from children without getting consent from their parents. Personal information includes things like names, addresses, phone numbers, and even photos.
  2. Parental Consent: Before collecting, using, or sharing a child’s personal information, companies must get approval from the child’s parents. This helps parents have more control over what information is being shared about their kids.
  3. Clear Privacy Policies: Companies must clearly explain their privacy practices and how they handle children’s data. This information should be easy for parents to find and understand.
  4. Secure Data: Companies must take steps to protect the personal information they collect from children. This means using secure methods to store and manage the data.
  5. Limit Data Collection: Companies can only collect personal information that’s necessary for the activity or service they’re offering. They can’t ask for more information than they need.

Overall, COPPA is designed to give parents more control over their children’s online experiences and ensure that their personal information is kept safe and private. Its primary goal is to make the internet a safer place for young users.

Key Updates to the COPPA Rule (as of January 16, 2025)

The following are the five amendments that were made to COPPA on January 16, 2025. 

  1. Expanded Definition of Personal Information: The new amendments now include biometric identifiers, such as fingerprints and facial scans, as part of the definition of personal information. This change reflects the growing use of advanced technologies in data collection.
  2. Enhanced Parental Consent Requirements: Companies must now obtain verifiable parental consent before collecting, using, or disclosing children’s data. This includes specific consent for third-party disclosures, aligning more closely with the EU’s General Data Protection Regulation (GDPR).
  3. Data Retention Limits: The updated rule mandates that personal information can only be retained for as long as necessary to fulfill the specific purpose for which it was collected. Indefinite retention is now prohibited.
  4. Increased Transparency for Safe Harbor Programs: Safe Harbor programs, which are self-regulatory programs approved by the FTC, must now disclose their membership lists and report additional information to improve accountability.
  5. Mixed Audience Websites: The amendments clarify the definition of “mixed audience websites” and provide guidelines for determining users’ ages and applying COPPA protections.

The Role of Parents and Guardians in Protecting Their Children

While the new COPPA amendments offer enhanced protections, the responsibility still largely falls on parents and Guardians to ensure their children’s online safety. Here are five tips for parents to help keep their children safe on the internet:

  1. Educate Your Children: Teach them about the dangers of sharing personal information online and the importance of privacy. Explain the types of information that should never be shared, such as their full name, address, phone number, or school name. Encourage them to talk to you if they encounter times where this information is asked of them or about anything online that makes them feel uncomfortable.
  2. Use Parental Controls: Utilize built-in parental controls on devices and apps to restrict access to inappropriate content and limit screen time. Most devices and operating systems offer parental control settings that allow you to block certain websites, set usage limits, and monitor your child’s online activities.
  3. Monitor Online Activity: Regularly check your child’s online activity and have open conversations about their online experiences. Use tools and apps that allow you to track their browsing history, social media interactions, and app usage. Encourage open dialogue so your child feels comfortable discussing their online experiences with you.
  4. Set Boundaries: Establish rules for internet usage, including time limits and approved websites. Create a family internet safety plan that outlines when, where, and how the internet can be used. Ensure that devices are used in common areas of the house where you can easily monitor them.
  5. Stay Informed: Keep up to date with the latest cybersecurity trends and threats to better protect your family. Subscribe to newsletters, follow trusted cybersecurity blogs, and join online communities where you can share information and learn from other parents’ experiences.

The Importance of Digital Literacy

Digital literacy is an essential skill for children growing up in today’s technology-driven world.  Teaching your children how to navigate the internet safely and responsibly is just as important as teaching them how to read and write. Because most parents of children utilizing electronic and internet-ready devices today did not grow up with the same challenges and education necessary to overcome them, it is important to stay informed and current with best practices to protect your children. 

Having an open dialogue with your children and encouraging them to think critically about the information they encounter online, understand the importance of strong passwords, and recognize the signs of phishing and other scams will help them stay vigilant, is the first step to staying safe. More on this later in the article. 

The Role of Schools in Promoting Online Safety

Schools are pivotal in shaping the online safety of the next generation. Recognizing the growing risks children face in the digital world, many educational institutions have proactively integrated digital citizenship and internet safety into their curriculum. By doing so, they equip students with the knowledge and skills needed to navigate the internet safely and responsibly.

One of the key aspects of promoting online safety in schools is the establishment of a comprehensive digital citizenship program. These programs often cover topics such as recognizing and avoiding cyberbullying, understanding privacy settings, identifying credible sources of information, and being aware of the long-term impact of one’s digital footprint. By teaching these concepts, schools help students develop critical thinking skills that are essential in today’s interconnected world.

Parents play a crucial role in reinforcing these lessons at home. By engaging with their children’s schools and understanding what is being taught, parents can create a consistent message about the importance of online safety. This collaboration between educators and parents ensures that children receive continuous guidance and support in developing safe online habits. Parents can also participate in school-led workshops and seminars to stay informed about the latest trends and threats in the digital landscape, enabling them to better protect their families.

Furthermore, schools can foster a community-wide approach to online safety by involving students, teachers, and parents in discussions and activities that emphasize the importance of responsible internet use. Through initiatives like Safer Internet Day, schools can raise awareness about online safety issues and encourage a culture of digital responsibility.

The Role of Technology Companies

Technology companies bear a substantial responsibility when it comes to safeguarding the privacy and safety of their youngest users. One of the key mandates of the new COPPA amendments is for companies to adopt a “privacy by design” approach. This means that children’s privacy considerations should be integrated into every stage of product development, from conception to deployment. Companies must anticipate potential privacy risks and incorporate safeguards to mitigate them. By embedding privacy features from the outset, companies can create safer online environments for children and earn the trust of parents and guardians.

Robust security measures are another critical aspect of COPPA compliance. Companies must implement state-of-the-art security protocols to protect the personal information of children. This includes encryption, secure data storage, and regular security audits to identify and address vulnerabilities. Given the increasing sophistication of cyber threats, it is imperative that companies stay ahead of potential risks and continually enhance their security practices.

Transparency is also essential in fostering trust and compliance. The latest COPPA amendments require companies to provide clear and easy-to-understand privacy policies. These policies should outline how children’s data is collected, used, and shared, and they should be easily accessible to parents and guardians. Additionally, companies must obtain verifiable parental consent before collecting any personal information from children, ensuring that parents are fully informed and in control of their children’s online experiences.

The Slow Pace of Legislative Updates

The legislative process is often slow and cumbersome, and COPPA is no exception. Despite the rapid advancements in technology and the increasing sophistication of cyber threats, it took six years for the FTC to finalize the current amendments, which were initially drafted in 2019. Prior to this, COPPA was last updated in 2013. 

With children increasing their digital footprint via social media, video games, and online communication channels at a dramatic rate each year, and not possessing the mental sophistication to discern what is digitally unsafe, this leaves children vulnerable to new and emerging threats not anticipated when the original law was drafted.

Why Timely Updates are Crucial

Technology evolves at a breakneck pace, and so do the tactics employed by cybercriminals. As new devices, apps, and online platforms emerge, so do the opportunities for malicious actors to exploit them. Children, who are often early adopters of new technologies, are particularly at risk. The slow legislative process means that by the time new regulations are enacted, they may already be outdated, leaving gaps in protection that can be exploited.

What’s Next?

The latest COPPA rule updates are a step in the right direction, but they are just one piece of the puzzle. Parents, educators, and technology companies must work together to create a safer online environment for children. By staying informed, proactive, and engaged, we can help safeguard our children’s digital futures. Ensuring that children are protected online is an ongoing effort that requires vigilance, education, and collaboration from all stakeholders.

The changes to COPPA are a reminder of the importance of updating laws to keep pace with technological advancements. However, the slow pace of legislative change means that parents must remain vigilant and take an active role in protecting their children’s online privacy and security. Together, we can create a safer digital world for the next generation.

 

To learn more about how to protect your children, BlackCloak hosted a webinar titled “Beyond Parental Controls: Comprehensive Strategies for Child Online Safety.” Click here to view