
The Children’s Online Privacy Protection Act, commonly referred to as COPPA, is a federal law designed to protect the personal information of children under the age of 13 in the digital environment. Enacted in 1998 and enforced by the Federal Trade Commission, COPPA regulates how websites, mobile applications, online games, streaming platforms, and digital services collect, use, and share data belonging to young users.
At its core, COPPA gives parents control over their children’s online privacy. The law recognizes that children often lack the ability to understand how their personal information is collected or monetized. COPPA therefore places legal responsibility on companies to obtain verifiable parental consent before collecting or using a child’s personal data.
COPPA was passed at a time when the internet was becoming widely accessible to children, but before clear rules existed to regulate how companies collected information from minors. Lawmakers identified a growing risk that children’s names, email addresses, locations, photos, and browsing behavior were being gathered without parental knowledge.
The law was intended to stop companies from exploiting children’s data for advertising, profiling, or resale. While technology has evolved dramatically since COPPA was enacted, its underlying purpose remains the same: ensuring transparency, parental authority, and accountability when it comes to children’s digital privacy.
COPPA applies to any online service that is directed to children under 13 or that knowingly collects personal information from children under 13. This includes websites and apps that are specifically designed for children, as well as general audience platforms that become aware they are collecting children’s data.
Covered personal information includes names, usernames, email addresses, phone numbers, photos, videos, precise location data, IP addresses, persistent identifiers, and any information that can be used to identify or track a child across platforms.
Companies subject to COPPA must provide clear privacy notices, obtain parental consent before collecting data, allow parents to review and delete their child’s information, and maintain reasonable security safeguards. Data may only be retained for as long as it serves a legitimate purpose, after which it must be securely deleted.
COPPA enforcement has intensified in recent years as regulators respond to the growing use of digital platforms by children. High-profile settlements demonstrate that even large, well-resourced companies are not immune from scrutiny.
One of the most notable recent COPPA cases involved The Walt Disney Company. Federal regulators alleged that Disney failed to properly classify certain online video content as being directed to children. Because the content was not correctly designated, personal data from children under 13 was collected and used for advertising purposes without proper parental consent.
In late 2025, Disney agreed to a settlement that included a civil penalty of approximately $10 million and a court-ordered injunction requiring improved COPPA compliance practices. The case sent a clear message that mislabeling content or relying on platform defaults does not excuse companies from their legal responsibilities under COPPA.
The Disney settlement also underscored a growing regulatory focus on how children’s data is collected through video streaming, connected devices, and advertising technology.
In addition to Disney, regulators have pursued enforcement actions against a wide range of companies, including app developers, gaming platforms, and technology firms. Recent cases have involved allegations of collecting geolocation data from children, retaining voice recordings, and using persistent identifiers to track children across digital environments.
Several companies have faced multimillion-dollar penalties, mandatory compliance audits, and long-term monitoring requirements. These cases illustrate that COPPA violations can arise from everyday product design decisions, not just intentional misconduct.
For parents, COPPA provides critical transparency and control. The law allows parents to understand what information is collected about their children and to prevent that data from being misused. When companies fail to comply, children’s privacy may be compromised without families ever realizing it.
For consumers, COPPA also intersects with broader data privacy and consumer protection concerns. Children’s data can be used to influence behavior, shape advertising, or create long-term digital profiles. COPPA seeks to prevent these outcomes by limiting data collection at an early age.
Data privacy enforcement is no longer theoretical. Regulators are actively pursuing cases involving children’s data, and consumers are increasingly aware of their privacy rights. The Lyon Firm represents individuals and families in data privacy and data misuse matters, including cases involving COPPA compliance failures.
The lawyers at our firm understand how federal privacy laws intersect with emerging technologies, advertising practices, and consumer protection statutes. We know clients benefit from a practical approach that prioritizes risk mitigation and effective advocacy. As enforcement actions continue to grow, working with legal counsel familiar with privacy law can help protect you and your loved ones.
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: