COPPA 2.0 FAQs: COPPA Enforcement

Sean Bryant

COPPA 2.0 compliance is just around the corner (July 1st, 2013). Whether your site is ready or not, you need to be asking, enquiring, and doing whatever you can to come up to par with the current regulations. There is a laundry list of provision’s the FTC has put in to place, and on their behalf, have offered reasonable responses and substantial time to comply.

Over the next week, Inversoft will supply shortened versions of the ‘Business and Parents and Small Entity Compliance Guide’.

Please remember, this is merely a simplified reference. For more detailed information refer to the link at the bottom of this page.

COPPA Enforcement

Image provided by Rolo del Campo 

COPPA Enforcement


1. How does the FTC enforce the Rule?

For information on COPPA enforcement, click on the Case Highlights link in the FTC's Business Center. Parents, consumer groups, industry members, and others that believe an operator is violating COPPA may submit complaints to the FTC through the FTC’s Web site,, or toll free number, (877) FTC-HELP.

2. What are the penalties for violating the Rule?

Operators who are in violation of the Rule for civil penalties are liable up to $16,000 per violation. Potential factors the court may assess: how bad the violation, previous violations, the number of children involved, the amount and type of personal information collected, how the personal information was used, was it shared with third parties and the size of the company.

 3. Can the states or other federal government agencies enforce COPPA?

Yes. As long as they are within jurisdiction, states and specific federal agencies have authority to enact COPPA compliance.

4. What should I do if my Web site or app does not comply with the Rule?

Stop collecting, disclosing, or using personal information from children under age 13 until the site/service is in compliance of the Rule.

It is important to review your online privacy policy and information practices. Look closely at what is being collected, how it's collected, how it is being used and whether you provide adequate data security, retention and deletion practices.

What information is being collected and is it necessary? Does the operator have tools in place that provide parents with notifications for obtaining verifiable information as well as the ability to review and delete their children's information?

5. Are Web sites and online services operated by nonprofit organizations subject to the Rule?

Many nonprofits are not subject to the Rule (Section 5 of the FTC Act). However, if a nonprofit operates for the profit of commercial members, they may be subject to COPPA compliance.

See FTC v. California Dental Association, 526 U.S. 756 (1999)

6. Does COPPA apply to Web sites and online services operated by the Federal Government?

Federal agencies must adhere to the COPPA Rule.

7. The Internet is a global medium.  Do Web sites and online services developed and run abroad have to comply with the Rule?

Yes. If the foreign-based site/service is directed or knowingly collect personal information on United States children, the Rule applies.

Definition of "operator" includes foreign-based sites/services involved in commerce in the United States and its territories. The same goes for US based sites/services and the collection of personal information on foreign children.

 For more detailed information on COPPA Enforcement click here.