Key Takeaways

• COPPA (Children's Online Privacy Protection Act) is a US federal law that protects children under 13 online

• Websites and apps must get verifiable parental consent before collecting personal information from children

• Ad monetization on child-directed content requires using contextual rather than behavioral targeting

• Non-compliance can result in hefty fines up to $50,120 per violation

• The FTC proposed major updates to COPPA in December 2023 that could further restrict data collection

What is COPPA, Anyway?

If you've ever wondered why YouTube asks if your content is made for kids or why some websites have age gates, COPPA is the answer.

COPPA stands for the Children's Online Privacy Protection Act, a US federal law passed in 1998 that came into effect in April 2000. Its whole purpose is to protect the personal information of children under 13 years old online. The Federal Trade Commission (FTC) enforces these rules, and they don't mess around when it comes to violations.

Think of COPPA as the digital equivalent of "stranger danger" warnings – it stops companies from collecting kids' data without their parents knowing about it.

Why Does COPPA Exist?

Back in the 90s, as the internet was booming, marketers realized they could easily collect information from children online without any oversight. No one was watching, and the data was valuable.

Congress got wind of this and wasnt happy. They created COPPA as a response to these sneaky data collection practices. The goal was simple: give parents control over what information websites could collect from their kids.

Who Needs to Comply with COPPA?

COPPA applies to:

1. Websites or online services specifically directed to children under 13

2. General audience websites that know they're collecting data from kids under 13

3. Third-party services (like ad networks) when they know they're collecting data from child-directed sites

This means if your website has cartoon characters, kid-focused games, or content clearly aimed at young children, you're on the hook for COPPA compliance. According to the Interactive Advertising Bureau, even if only a portion of your site targets kids, those sections must be COPPA-compliant.

How COPPA Affects Monetization

Here's where publishers really feel the pinch. COPPA severely limits how you can monetize content aimed at children:

1. No Behavioral Advertising

The most profitable form of digital advertising – behavioral or targeted ads based on user data – is effectively banned without verifiable parental consent. According to Playwire, this can reduce ad revenue by 40-60% compared to non-COPPA content.

2. Contextual Advertising Only

Publishers must rely on contextual advertising (ads based on the content rather than user data) for child-directed content. For example, a kids' game about dinosaurs might show ads for dinosaur toys, but cant use data about the child to target them.

3. No Data Collection Without Consent

You can't collect names, emails, locations, photos, videos, audio recordings, or persistent identifiers (like cookies or device IDs) without getting verifiable parental consent first – which is difficult and rarely implemented.

4. Third-Party Ad Services

Many ad networks and programmatic platforms shy away from child-directed content due to compliance concerns. This further limits monetization options for publishers in the kids' space.

COPPA Compliance Basics

If your site or app falls under COPPA, you need to:

1. Post a clear privacy policy describing your information practices

2. Provide direct notice to parents and get verifiable consent before collecting personal information

3. Give parents the option to review and delete their children's information

4. Maintain reasonable procedures to protect the confidentiality and security of children's data

5. Retain data only as long as necessary to fulfill the purpose it was collected for

The YouTube COPPA Settlement: A Wake-Up Call

In 2019, YouTube and Google paid a record $170 million settlement for COPPA violations. The FTC alleged they collected personal information from viewers of child-directed channels without parental consent.

This led to major changes on YouTube, requiring creators to mark if their content is made for kids. When content is marked for children, personalized ads are disabled, comments are turned off, and other features that rely on user data are restricted.

What's Coming: COPPA 2.0

In December 2023, the FTC proposed significant updates to the COPPA Rule that could further restrict how companies collect and use childrens data:

1. A new "constructive knowledge" standard that could expand who's subject to COPPA

2. Additional limits on using ed-tech in schools

3. Expanded definition of "personal information"

4. Strengthened data security requirements

5. Stricter limitations on data retention

The public comment period for these proposed changes closed in March 2024, with final rules expected later this year.

The Bottom Line for Publishers

If you publish content for children or that might attract children, COPPA compliance isn't optional. The penalties for violations can reach $50,120 per violation, and the reputational damage can be even worse.

For publishers, this means:

• Carefully evaluating if your content is directed at children

• Working with your legal team to develop a COPPA compliance strategy

• Adjusting your monetization approach for child-directed content

• Staying informed about COPPA updates and enforcement actions

While COPPA certainly creates monetization challenges, remember that protecting children's privacy online is a responsibility we all share.