What Is COPPA? A Complete Guide to the Children’s Online Privacy Protection Act

The Children’s Online Privacy Protection Act, commonly referred to as COPPA, is a federal law designed to protect the personal information of children under the age of 13 in the digital environment. Enacted in 1998 and enforced by the Federal Trade Commission, COPPA regulates how websites, mobile applications, online games, streaming platforms, and digital services collect, use, and share data belonging to young users.

At its core, COPPA gives parents control over their children’s online privacy. The law recognizes that children often lack the ability to understand how their personal information is collected or monetized. COPPA therefore places legal responsibility on companies to obtain verifiable parental consent before collecting or using a child’s personal data. 

Why COPPA Was Created

COPPA was passed at a time when the internet was becoming widely accessible to children, but before clear rules existed to regulate how companies collected information from minors. Lawmakers identified a growing risk that children’s names, email addresses, locations, photos, and browsing behavior were being gathered without parental knowledge.

The law was intended to stop companies from exploiting children’s data for advertising, profiling, or resale. While technology has evolved dramatically since COPPA was enacted, its underlying purpose remains the same: ensuring transparency, parental authority, and accountability when it comes to children’s digital privacy.

How COPPA Applies to Websites and Apps

COPPA applies to any online service that is directed to children under 13 or that knowingly collects personal information from children under 13. This includes websites and apps that are specifically designed for children, as well as general audience platforms that become aware they are collecting children’s data.

Covered personal information includes names, usernames, email addresses, phone numbers, photos, videos, precise location data, IP addresses, persistent identifiers, and any information that can be used to identify or track a child across platforms.

Companies subject to COPPA must provide clear privacy notices, obtain parental consent before collecting data, allow parents to review and delete their child’s information, and maintain reasonable security safeguards. Data may only be retained for as long as it serves a legitimate purpose, after which it must be securely deleted.

Recent COPPA Lawsuits and Enforcement Actions

COPPA enforcement has intensified in recent years as regulators respond to the growing use of digital platforms by children. High-profile settlements demonstrate that even large, well-resourced companies are not immune from scrutiny.

The Disney COPPA Settlement

One of the most notable recent COPPA cases involved The Walt Disney Company. Federal regulators alleged that Disney failed to properly classify certain online video content as being directed to children. Because the content was not correctly designated, personal data from children under 13 was collected and used for advertising purposes without proper parental consent.

In late 2025, Disney agreed to a settlement that included a civil penalty of approximately $10 million and a court-ordered injunction requiring improved COPPA compliance practices. The case sent a clear message that mislabeling content or relying on platform defaults does not excuse companies from their legal responsibilities under COPPA.

The Disney settlement also underscored a growing regulatory focus on how children’s data is collected through video streaming, connected devices, and advertising technology.

Other Notable COPPA Cases

In addition to Disney, regulators have pursued enforcement actions against a wide range of companies, including app developers, gaming platforms, and technology firms. Recent cases have involved allegations of collecting geolocation data from children, retaining voice recordings, and using persistent identifiers to track children across digital environments.

Several companies have faced multimillion-dollar penalties, mandatory compliance audits, and long-term monitoring requirements. These cases illustrate that COPPA violations can arise from everyday product design decisions, not just intentional misconduct.

Why COPPA Matters for Consumers and Parents

For parents, COPPA provides critical transparency and control. The law allows parents to understand what information is collected about their children and to prevent that data from being misused. When companies fail to comply, children’s privacy may be compromised without families ever realizing it.

For consumers, COPPA also intersects with broader data privacy and consumer protection concerns. Children’s data can be used to influence behavior, shape advertising, or create long-term digital profiles. COPPA seeks to prevent these outcomes by limiting data collection at an early age.

Why Hire The Lyon Firm for Data Privacy Cases

Data privacy enforcement is no longer theoretical. Regulators are actively pursuing cases involving children’s data, and consumers are increasingly aware of their privacy rights. The Lyon Firm represents individuals and families in data privacy and data misuse matters, including cases involving COPPA compliance failures.

The lawyers at our firm understand how federal privacy laws intersect with emerging technologies, advertising practices, and consumer protection statutes. We know clients benefit from a practical approach that prioritizes risk mitigation and effective advocacy. As enforcement actions continue to grow, working with legal counsel familiar with privacy law can help protect you and your loved ones.

Frequently Asked Questions About COPPA

1. What age group does COPPA protect? COPPA applies to children under the age of 13 and regulates how their personal information may be collected online.
2. Does COPPA apply to mobile apps and games? Yes. COPPA applies to websites, mobile apps, online games, and connected services that are directed to children or knowingly collect children’s data.
3. What happens if a company violates COPPA? Violations can result in civil penalties, court orders and potential private lawsuits.
4. Can parents sue over COPPA violations? While COPPA is primarily enforced by regulators, parents may have claims under related consumer protection or privacy laws depending on the circumstances.
5. How can The Lyon Firm help with COPPA cases? The Lyon Firm assists clients with privacy investigations, data misuse claims, and litigation involving children’s personal information.