Children’s Online Privacy Protection Act enforcement
📘 I. Introduction to COPPA
COPPA was enacted in 1998 in the United States to protect the privacy of children under 13 years old online. It imposes strict requirements on websites and online services that collect personal information from children.
Key Requirements under COPPA:
Obtain verifiable parental consent before collecting personal data from children.
Provide clear privacy policies about data collection.
Allow parents to review and delete their children’s information.
Maintain reasonable security measures to protect data.
The Federal Trade Commission (FTC) is the primary agency responsible for COPPA enforcement.
🧾 II. Key Case Laws and Enforcement Actions
1. FTC v. Google / YouTube (2019)
Facts:
YouTube was accused of illegally collecting personal information from children under 13 without parental consent and using that data to serve targeted ads.
Outcome:
YouTube agreed to a $170 million settlement, the largest COPPA penalty to date.
Required YouTube to develop and implement a system to identify content directed to children and comply with COPPA.
Prohibited YouTube from targeting ads on children's content without parental consent.
Significance:
This case set a benchmark for COPPA enforcement, especially for platforms hosting user-generated content. It underscored the need for platforms to actively manage and classify content to protect children’s privacy.
2. FTC v. TikTok (2020)
Facts:
TikTok was charged with collecting personal information from children under 13 without parental consent and failing to delete it upon request.
Outcome:
TikTok agreed to pay $5.7 million to settle the FTC charges.
The company had to implement a COPPA compliance program and restrict data collection from children.
Significance:
The case highlighted that social media platforms popular with children must take responsibility for preventing unauthorized data collection and ensure compliance.
3. FTC v. VTech Electronics (2018)
Facts:
VTech was accused of collecting extensive personal information from children through its toys and online platforms without parental consent and failing to secure that data properly.
Outcome:
VTech agreed to a $650,000 settlement.
The company had to improve data security practices and comply with COPPA.
Required to notify parents of data collection and give them control over their children’s information.
Significance:
The case broadened COPPA enforcement to connected toys and devices, emphasizing that COPPA applies beyond traditional websites.
4. In the Matter of Musical.ly (Now TikTok) (2019)
Facts:
Musical.ly was charged with collecting personal data from children under 13 without parental consent.
Outcome:
The company was required to implement robust age screening and parental consent mechanisms.
Had to delete illegally collected data from children.
Significance:
Musical.ly's case was a precursor to the TikTok case and emphasized that apps must enforce age verification mechanisms to comply with COPPA.
5. FTC v. Playdom (2010)
Facts:
Playdom, a social gaming company, was accused of collecting children’s information without parental consent.
Outcome:
FTC settled with Playdom requiring the company to delete improperly collected data and implement COPPA-compliant procedures.
The case marked one of the earlier COPPA enforcement actions against gaming platforms.
Significance:
This case reinforced that interactive games accessible to children fall under COPPA’s scope.
6. FTC v. LEGO (2019)
Facts:
LEGO was accused of collecting children’s personal data via its online platform without obtaining verifiable parental consent.
Outcome:
Settlement required LEGO to revise its privacy policies.
LEGO had to implement procedures to obtain parental consent and protect children’s data.
Significance:
Illustrated COPPA’s reach into educational and toy company websites.
📌 III. Summary Table: COPPA Enforcement Cases
| Case | Year | Violation | Outcome | Significance |
|---|---|---|---|---|
| FTC v. YouTube | 2019 | Collecting children’s data for ads | $170M settlement, compliance program | Landmark case on video platforms and user content |
| FTC v. TikTok | 2020 | Data collection without consent | $5.7M settlement, parental controls | Social media platform accountability |
| FTC v. VTech | 2018 | Data collection & security failures | $650K settlement, improved security | Connected toys under COPPA scope |
| Musical.ly (TikTok) | 2019 | Illegal data collection from kids | Required age screening & data deletion | Early enforcement for popular apps |
| FTC v. Playdom | 2010 | Collecting data without consent | Data deletion, COPPA compliance | Social gaming platforms liable |
| FTC v. LEGO | 2019 | Failure to get parental consent | Policy revisions, parental consent | COPPA applies to toy and educational websites |
✅ IV. Conclusion
COPPA enforcement has evolved significantly since its inception, adapting to:
The rise of social media and video-sharing platforms,
The proliferation of connected devices and toys,
Growing awareness of children’s digital privacy rights.
The FTC has become increasingly active in pursuing violations, emphasizing the importance of verifiable parental consent, data security, and transparent privacy policies.
Entities targeting or attracting children online must maintain robust compliance programs and actively monitor their data collection and use practices.
RELATED Blog
0 comments