Bryan Cave Combines with Berwin Leighton Paisner to Form Bryan Cave Leighton Paisner LLP Learn More

There are relatively few restrictions on collecting information from children off-line. Efforts to collect information from children over the internet, however, are regulated by the Children’s Online Privacy Protection Act (“COPPA”). Among other things, COPPA requires that a website obtain parental consent prior to collecting information, post a specific form of privacy policy that complies with the statute, safeguard the information that is received from a child, and give parents certain rights, like the ability to review and delete their child’s information. COPPA also prohibits companies from requiring that children provide personal information in order to participate in activities, such as on-line games or sweepstakes. The following provides a snapshot of information regarding COPPA.


Number of complaints received by the FTC about companies violating COPPA.1

$2.28 / Child

Estimate by one organization of the average fine per child imposed by the FTC .2


Number of enforcement actions taken by the FTC.3

$4 million

The largest COPPA fine imposed by the FTC.4


The following are the most common complaints about children’s websites received by the FTC:5


The website did not obtain proper parental consent


The website collected more personal information than was necessary


Parents were not given an opportunity to stop information from being disclosed to third parties


The website did not have a clear privacy policy


The website misrepresented how information was used


  • What to think about when reviewing your website:
  • Does your website ask children to provide information?
  • If not, does your website automatically collect information about a child’s computer or session?
  • Would your website appeal to children?
  • Has the FTC received complaints about your website? If so, how many and what issues were raised in the complaints?
  • Does your website ask for parents’ permission to collect information about children?
  • Does your website verify that the parent is the actual parent of a child?
  • Has the verification mechanism been approved by the FTC?
  • Does your website’s privacy policy comply with COPPA?
  • Can you limit liability by joining an FTC approved self-regulatory organization (sometimes called a “safe harbor” program)?
  • Which safe harbor program provides the most benefit to your organization?

1. Based upon analysis of consumer complaints received by the FTC between January 2008 and August 2013.

2. (last viewed Nov. 2016).

3. FTC, 2014 Privacy and Data Security Update,

4. United States v. InMobi Pte Ltd, Case No. 3:16-cv-03474 (N.D. Cal. June 22, 2016),

5. Based upon analysis of consumer complaints received by the FTC between January 2008 and August 2013.