The FTC’s new COPPA amendments could reshape the internet landscape for children under 13, requiring companies to rethink how they handle young users’ data.
Story Overview
- The FTC’s COPPA amendments demand parental consent for data collection from children under 13.
- These changes mark the first major update to the COPPA rule since 2013.
- New rules expand personal information to include biometric data, and mandate stricter data security.
- Companies face a compliance deadline of April 22, 2026, to adapt to the new regulations.
FTC’s COPPA Rule Update: A Decade in the Making
The Federal Trade Commission has finalized significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, marking the first major update since 2013. These changes, effective June 23, 2025, require companies to obtain verifiable parental consent before collecting personal data from children under 13. With the rise of digital platforms targeting young audiences, the FTC aims to strengthen privacy protections in response to technological advancements.
The amendments reflect a broadened definition of personal information, now including biometric data. This change underscores the FTC’s commitment to safeguarding sensitive data, especially as biometric technology becomes more prevalent in digital interactions. Companies must also adhere to stricter data retention and security standards, ensuring that children’s information is handled with heightened care and transparency.
Implications for Companies and Parents
For companies, these new regulations mean a significant overhaul of current data collection practices. Businesses operating websites, apps, and platforms directed at children under 13 must implement systems to secure explicit parental consent before data collection. This requirement not only increases transparency but also empowers parents to have greater control over their children’s online presence.
The amendments also introduce mandatory public disclosure of Safe Harbor program membership. This move is intended to enhance accountability and trust within the industry, providing parents with clearer insights into the data management practices of companies that cater to young users. These changes are poised to shift the power dynamics, offering parents more authority over their children’s digital footprint.
Broader Impact and Compliance Challenges
As companies rush to meet the April 22, 2026, compliance deadline, the economic implications are substantial. The cost of updating privacy policies, obtaining parental consents, and implementing new data security measures could be significant. While these changes aim to protect children, they also pose challenges for businesses that heavily rely on targeted advertising to children.
In the broader context, these amendments could set a precedent for future privacy legislation, both domestically and internationally. As the U.S. aligns its privacy protections with global standards, such as the EU’s GDPR, there is a potential ripple effect across industries, possibly influencing privacy practices in sectors like education technology and gaming.
Sources:
Privacy and Data Security Insight (May 2025)
Koley Jessen Legal Analysis (June 2025)
eCFR: Children’s Online Privacy Protection Rule
“`
