The United States has relatively few restrictions on collecting information from children off-line. Efforts to collect information from children over the internet, however, are regulated by the Children’s Online Privacy Protection Act (“COPPA”). Among other things, COPPA requires that a website obtain parental consent prior to collecting information, post a specific form of privacy policy that complies with the statute, safeguard the information that is received from a child, and give parents certain rights, like the ability to review and delete their child’s information. COPPA also prohibits companies from requiring that children provide personal information in order to participate in activities, such as on-line games or sweepstakes.


Number of complaints received by the FTC about companies violating COPPA.1

$2.28 / Child

Estimate by one organization of the average fine per child imposed by the FTC .2


Number of enforcement actions taken by the FTC.3

$4 million

The largest COPPA fine imposed by the FTC.4

The following are the most common complaints about children’s websites received by the FTC:


The website did not obtain proper parental consent


The website collected more personal information than was necessary


Parents were not given an opportunity to stop information from being disclosed to third parties


The website did not have a clear privacy policy


The website misrepresented how information was used

What to think about when reviewing your website:

  1. Does your website ask children to provide information?
  2. If not, does your website automatically collect information about a child’s computer or session?
  3. Would your website appeal to children?
  4. Has the FTC received complaints about your website? If so, how many and what issues were raised in the complaints?
  5. Does your website ask for parents’ permission to collect information about children?
  6. Does your website verify that the parent is the actual parent of a child?
  7. Has the verification mechanism been approved by the FTC?
  8. Does your website’s privacy policy comply with COPPA?
  9. Can you limit liability by joining an FTC approved self-regulatory organization (sometimes called a “safe harbor” program)?
  10. Which safe harbor program provides the most benefit to your organization?