On January 16, 2025, the Federal Trade Commission (FTC) voted 5-0 to approve the finalized amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) that would offer additional privacy safeguards for children under the age of thirteen.
The amened COPPA Rule will require operators to obtain separate verifiable parental consent before disclosing personal information collected from children for targeted advertising or any other purposes that are not “integral” to the operators’ websites or online services. Operators will also have to establish, implement, and maintain reasonable written information security program and data retention policy; indefinite retention of children’s personal information will be prohibited.
The FTC declined to adopt certain amendments it originally proposed in January 2024, which we discussed in detail in our previous advisory. For instance, the FTC removed the proposed changes that would codify requirements for educational technology companies operating in a school environment or that would prohibit the use of push notifications without parental consent. Notably, the FTC reiterated its continued concern about “the use of push notifications and other engagement techniques to keep kids online in ways that could harm their mental health”.
The amended COPPA Rule will become effective sixty days following its publication in the Federal Register, and operators will have one year to comply with the amended COPPA Rule. Certain obligations applicable to safe harbor programs will require earlier compliance.
Alston & Bird’s Privacy, Cyber & Data Strategy Team will continue to monitor developments surrounding children’s privacy and online safety regulations. Please contact us if you have any questions.
