New COPPA FAQs: You asked, we answered

Share This Page

If you’re the COPPA cop for your company or clients, you know that Complying with COPPA: Frequently Asked Questions (A Guide For Business And Parents And Small Entity Compliance Guide) – close friends call ‘em The FAQs – are an indispensable resource.  When FTC staff revised the FAQs a few months ago to reflect changes to COPPA that took effect July 1, 2013, we promised to update them as questions arose.  And we’re making good on that promise.

As a preliminary matter, FAQ watchers have noticed a slight change in format.  Rather than just numbering questions sequentially, we’ve divided them by topic (for example, Geolocation Data or Verifiable Parental Consent) and renumbered them within each category.  Of course, businesses that are new to COPPA will want to check out all the FAQs.  But the new structure makes it easier for dab hands to drill down to the issue that found its way to your in-box this morning.

What’s new in the July 2013 update to the FAQs?

Share buttons.  FAQ D.9 makes it clear that if your app includes embedded buttons or plug-ins that allow kids to send email or otherwise post information (via a social network for example), you need to get verifiable parental consent unless an exception applies.  This is true even if your app doesn’t otherwise collect personal information.

Actual knowledge.  We get a lot of questions about COPPA’s “actual knowledge” standard.  FAQs D.10, 11, and 12 offer guidance on how you might be considered to have “actual knowledge” that you’re collecting personal information on a child-directed site.  The new FAQs address some of the fact patterns you may be wrestling with right now.

Information collected from a child-directed site.  FAQ K.2 poses the hypothetical of a person who operates an ad network and finds out after the effective date of the Rule that he’s been collecting personal information via a child-directed website.  Unless an exception applies, he must stop collecting the information immediately and needs to get verifiable parental consent before using any personal information he now knows came from that child-directed site or service.  What if he doesn’t know the source of the information?  The FAQ addresses that scenario, too, and discusses some best practices.

Do you have a COPPPA question not addressed in the FAQs?  Email us as  Have you checked out these other new resources:  Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business and a 6-minute video that outlines the changes that took effect on July 1st?


i feel like this is unfair please consider changing it if your gonna not make peoples videos searchable why not shut youtube while your at it

What if I am actually over the age of 13, but I identify as someone under the age of 13? Does COPPA still protect me? Which age do I enter when I ask?

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.