Beyond targeted advertising: Key changes to COPPA Child Online Protection Law

The Children’s Online Privacy Protection Act (COPPA) has been the primary legislation in the United States for over two decades, safeguarding the privacy of children under the age of 13 in the digital environment. But what exactly is COPPA, and why is its recent reform so significant?

E

nacted in 1998, COPPA governs how businesses collect, use, and share children’s personal information online. Its main objective is to give parents control over their children’s data, requiring digital platforms and services aimed at minors to obtain parental consent before collecting any personal information. 

TrustCloud, a platform specialising in secure identity verification, is designed to facilitate regulatory compliance with continuous updates while enhancing authentication processes and access to online services. 

This law primarily applies to websites, mobile applications, and online services specifically targeting children under the age of 13. However, it also affects general platforms that knowingly collect data from minors. 

In a rapidly evolving digital landscape—shaped by social media, online gaming, and advanced technologies such as artificial intelligence—protecting children’s data is more crucial than ever. The recent reforms to COPPA address these emerging challenges. 

The current context: why was a reform necessary? 

Children are increasingly exposed to online platforms that collect personal data for targeted advertising, behavioural analysis, and other activities. Without updated regulations, these practices could compromise their privacy and security. 

Ensuring that a user is genuinely a parent or guardian before granting consent is a crucial step in protecting children. Without a reliable verification system, COPPA’s measures risk being ineffective in practice. 

Key aspects of the COPPA reform 

• Mandatory parental consent for targeted advertising. Companies must obtain explicit and verifiable parental consent before sharing children’s information with third parties for advertising purposes. This marks a significant step forward, ensuring that parents are fully informed about how their children’s data is being used. 

• Restrictions on data retention. Companies may only retain children’s data for as long as it is strictly necessary for the specific purpose for which it was collected. This measure not only reduces the risk of misuse but also minimises the possibility of security breaches. 

• Expansion of the definition of personal data. Biometric identifiers—such as fingerprints and facial recognition data—as well as government-issued identification numbers, are now classified as sensitive information. This update acknowledges the impact of emerging technologies and strengthens protections against the misuse of sensitive data. 

• Greater transparency in self-regulation programmes (Safe Harbor). Voluntary compliance programmes must now provide detailed reports and publish lists of their members. This fosters trust and ensures that companies participating in these initiatives genuinely adhere to regulatory requirements. 

The impact of the reforms on the industry 

For many businesses, these reforms present significant challenges, particularly those whose business models rely on data collection for targeted advertising. The key adjustments they will need to implement include: 

• Ensuring that children’s data is not retained beyond the necessary period. 

• Adopting technologies to obtain and validate parental consent. 

• Adjusting advertising strategies to comply with COPPA’s new restrictions. 

On the other hand, these measures also present an opportunity. Companies that prioritise regulatory compliance and the protection of children’s data will strengthen their reputation and gain the trust of their users, opening new business opportunities. 

The role of secure identity verification 

Complying with COPPA’s new regulations may seem complex, but technological solutions like TrustCloud simplify this process. TrustCloud provides advanced identity verification tools, tailored to business needs, ensuring that parental consent is valid and verifiable. 

How can TrustCloud help?

• Reliable authentication: Securely identifies parents or legal guardians through assisted or automated video identification, preventing fraud and invalid consent. 

• Simplified compliance: Enables businesses to efficiently meet regulatory requirements, reducing the risk of penalties. 

• User trust: Enhances the perception of businesses as responsible entities in data protection. 

The road ahead 

While this reform is a significant step forward, there are still outstanding issues that require attention, such as regulations on push notifications and techniques designed to capture and retain children’s attention. 

Adopting technologies like TrustCloud not only helps businesses comply with current regulations but also prepares them to adapt to future legislation at both local and global levels. 

For companies, the message is clear: compliance is not just a legal obligation but also an opportunity to demonstrate a commitment to security and user trust. Tools like TrustCloud make this process easier, helping to build a safer digital future for everyone. 

Get in touch with one of our specialists and avoid the risks of non-compliance