FTC releases COPPA updates that will come into effect in June

The overhaul of the rule, which hasn't been amended since 2013, includes enhancements to protect kids' personal information and govern how companies obtain parental consent.

April 24, 2025

The FTC has published updates to the Children’s Online Privacy Protection Act (COPPA)—marking the first major overhaul of the rule since 2013. Aimed at strengthening the protection of kids’ personal information in the face of modern technology, the new rule goes into effect on June 23, 2025, and companies have until April 22, 2026 to comply.

One key change expands COPPA’s definition of personal information that companies are allowed to collect, use or store with parental consent to include a child’s biometric data (such as fingerprints, retina patterns, voiceprints or faceprints).

Under the amended rule, companies must obtain separate parental consent before disclosing any personal information collected about children to third parties, including advertisers. It’s a strategy to curb the monetization of this data. Requiring distinct parental approval closes a loophole that some operators have been taking advantage of by bundling data-sharing with advertisers into the consent parents give for other purposes.

Along these same lines, companies also have to beef up online privacy policies by disclosing the identities of all third-party data recipients. And their policies must make it clear how long children’s information will be stored, as well as how it will be used.

For operators that don’t disclose personal information to third parties, the updated COPPA rule introduces a new “text plus” method for starting to obtain parental consent through text (as opposed to email).

The modified rule also lays out detailed requirements for establishing and maintaining procedures that keep kids’ data secure. Per the change, companies need to have a security strategy in writing that meets FTC requirements, which include having at least one employee designated to coordinate the program, and conducting risk assessments at least annually.

Children’s privacy will likely remain an FTC priority this year—and it should be one for the tech companies it governs, too, since COPPA can currently levy maximum penalties of roughly US$53,000 per violation.

Image courtesy of Patricia Prudente via Unsplash.

TAGS:

Children's Online Privacy Protection Act, COPPA, COPPA amendments, digital safety, FTC, kids digital safety, kids safety, tech companies

About The Author

Senior reporter for Kidscreen. Ryan covers tech, talent and general kids entertainment news, with a passion for kids rap content and video games. Have a story that's of interest to Kidscreen readers? Contact Ryan at rtuchow@brunico.com

// Author Page