COPPA Compliance: What Parents Need to Know About Kids' Online Research
Understand COPPA's parental consent requirements, data protections, and your rights when children participate in online research studies.
# COPPA Compliance: What Parents Need to Know About Kids' Online Research
Understanding COPPA: The Foundation
The Children's Online Privacy Protection Act (COPPA) is a United States federal law effective April 21, 2000, that applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online, including restrictions on the marketing of those under 13.
For parents of Junior account holders participating in online research, COPPA is your legal shield. When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act puts parents in control.
The Parental Consent Requirement
The cornerstone of COPPA is verifiable parental consent. As a general rule, operators must get verifiable parental consent before collecting personal information online from children under 13.
Researchers must obtain explicit consent from parents or guardians before collecting any personal information, and a clear and comprehensive privacy policy must outline how children's data will be collected, used, and protected. The COPPA Rule does not mandate the method a company must use to get parental consent. Instead, it says that an operator must choose a method reasonably designed in light of available technology to ensure that the person giving the consent is the child's parent.
Verifiable consent can include signed consent forms, video calls, or verified credit card transactions, and the 2025 amendments have further tightened these requirements, emphasizing the need for secure and transparent consent processes.
What Counts as "Personal Information"
Understanding what data is protected is critical. The amendments expand the definition of "personal information" to include biometric identifiers that can be used for the automated or semi-automated recognition of an individual, such as fingerprints, handprints, retina patterns, iris patterns, genetic data, including DNA sequences, voiceprints, gait patterns, facial templates, or faceprints, and government-issued identifiers, such as social security numbers, state identification card numbers, birth certificate numbers, or passport numbers.