COPPA Compliance & Online Research: What Parents Need
Survey Cash Club Research Desk
May 17, 2026
Understand COPPA rules, verifiable parental consent requirements, and data protection standards when your child participates in online research studies.
# COPPA Compliance & Online Research: What Parents Need to Know
What Is COPPA and Why It Matters
The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age, including children outside the U.S. if the website or service is U.S.-based. The COPPA Rule requires certain websites and other online services to obtain verifiable parental consent before collecting, using or disclosing personal information from children under 13.
When your child participates in online research—whether through surveys, questionnaires, or interactive studies—COPPA compliance is critical. COPPA applies if your research involves collecting personal information from children through online platforms, even if the research is non-commercial or academic.
Verifiable Parental Consent: The Foundation
As a general rule, operators must get verifiable parental consent before collecting personal information online from children under 13. This isn't a simple checkbox—it's a deliberate verification process.
The COPPA Rule does not mandate the method a company must use to get parental consent. Instead, it says that an operator must choose a method reasonably designed in light of available technology to ensure that the person giving the consent is the child's parent. This can include signed consent forms, video calls, or verified credit card transactions.
What this means for you: Before your child participates in any online research study, you should receive direct notice explaining what information will be collected and how it will be used. You'll be asked to actively confirm your consent—not just passively accept terms.
Data Collection: What's Considered Personal Information
The expanded definition of personal information includes biometric identifiers as well as government-issued identifiers. Personal information under COPPA includes online contact information like an email address or other identifier that permits someone to contact a person directly, screen name or user name where it functions as online contact information.
Operators are prohibited from conditioning a child's participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity. Legitimate research should only collect what's essential.
Data Security and Retention: Your Child's Protection
COPPA requires operators to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. You need to have a written information security program and implement safeguards that are appropriate to the sensitivity of the personal information, your size and complexity, and the nature and scope of your activities.
The rule requires covered operators to only retain personal information for as long as reasonably necessary to fulfill a specific purpose for which it was collected. This provision explicitly states that operators cannot retain the information indefinitely.
Your right: Provide mechanisms for parents to review their child's personal information, request its deletion, and refuse further collection or use.
Third-Party Data Sharing: New Protections
The final rule requires parents to opt in to third-party advertising and prohibits platforms and service providers from sharing and monetizing children's data without active permission. This is especially important for research studies that might share findings with advertisers or other organizations.
The COPPA Rule requires operators to provide a "direct notice" to parents when seeking their verifiable consent that must now include a description of how the operator intends to use the personal information the operator seeks consent to collect from the child as well as a description of whether the operator discloses it to one or more third parties.
Recent Updates: What Changed in 2025
The final Rule goes into effect on June 23, 2025, but provides operators until April 22, 2026, to comply with all provisions except certain annual reporting and notice requirements related to the COPPA safe harbor program that have earlier compliance dates. The 2025 amendments have further tightened these requirements, emphasizing the need for secure and transparent consent processes.
Questions to Ask Before Your Child Participates
Is the research organization COPPA-compliant? Ask directly or check for FTC Safe Harbor certification.
What data will be collected? Request a detailed list beyond what's in the privacy policy.
How long will data be kept? Ensure there's a clear deletion timeline.
Who has access to the data? Understand all third parties involved.
Can I review and delete my child's information? Verify the process for parental access.
What security measures protect the data? Ask about encryption and safeguards.
Enforcement and Violations
According to the FTC, courts may fine violators of COPPA up to $53,088 in civil penalties for each violation. Non-compliance carries serious consequences, including fines of up to $53,088 per violation and reputational harm.
The Bottom Line
COPPA exists to protect your child. When your child participates in online research, you have the right to know exactly what information is being collected, how it's protected, and who can access it. When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act puts parents in control.
Don't hesitate to ask questions. Legitimate research organizations welcome parental scrutiny and should provide clear, transparent answers about their COPPA compliance practices.
Sources
[Federal Trade Commission: Complying with COPPA: Frequently Asked Questions](https://www.ftc.gov/business-guidance/resources/complying-coppa-frequently-asked-questions)
[Federal Trade Commission: FTC Finalizes Changes to Children's Privacy Rule](https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data)
[CITI Program: Ensuring Compliance with COPPA in Research](https://about.citiprogram.org/blog/ensuring-compliance-with-coppa-in-research/)
[Davis Wright Tremaine: FTC Amends COPPA Rule To Address Changes in Technology](https://www.dwt.com/blogs/privacy--security-law-blog/2025/05/coppa-rule-ftc-amended-childrens-privacy)