Skip to main content

Protecting Children’s Data

September 29, 2023

At The Regulatory Review, Caroline Hackley L’24 examines the limitations of COPPA, the only federal law regulating the collection of children’s data via the internet.

The Children’s Online Privacy Protection Act of 1998 (COPPA) is the only federal law regulating the collection of children’s data on the internet.

Caroline Hackley L’24 explores the law’s shortcomings in the wake of rapid cultural and technological changes.

From The Regulatory Review:

Almost a decade before the release of the first iPhone, Congress passed what now remains the only federal law regulating the collection of children’s data on the internet.

Caroline Hackley L'24 Caroline Hackley L’24Although the Children’s Online Privacy Protection Act of 1998 (COPPA) imposes a set of specific requirements on certain websites, these requirements have struggled to keep pace with the rapid development of social media and internet culture since the turn of the century. In response, bipartisan groups of lawmakers have recently started pushing for passage of new legislation to protect children’s data online.

COPPA’s substantive protections include restrictions on the types of online marketing that can be targeted toward children and requirements that website operators post a privacy policy whenever data are being collected. COPPA also necessitates that websites obtain verifiable parental consent for the collection and use of any children’s data.

COPPA does not, however, explicitly outline how parental consent for the collection of children’s personal information can or should be obtained. To address this gap, the Federal Trade Commission, the regulating body for COPPA, published guidance in 2013 suggesting that websites should clearly display downloadable consent forms and require parents to use credit cards or government-issued identification to authenticate their age and identity.

Despite these efforts to clarify and bolster existing protections, some experts contend that COPPA provides only limited protection. Katharina Kopp, the Director of Policy for the Center for Digital Democracy, reportedly notes that COPPA leaves children to be “unscrupulously exploited and taken advantage of by pervasive data-driven digital marketing and entertainment systems.”

The Regulatory Review is a daily online publication that provides accessible coverage of regulatory policymaking and enforcement issues across a full range of regulatory topics and from a variety of perspectives… .

Launched in 2009 and operating under the guidance of Cary Coglianese, Edward B. Shils Professor of Law and Professor of Political Science, The Review is edited by students at Penn Carey Law. It is part of the overarching teaching, research, and outreach mission of the Penn Program on Regulation (PPR), which draws together more than 60 faculty from across the University of Pennsylvania.

Read the full article at The Regulatory Review.