COPPA Compliance Guide: Age Gating, Consent, and FTC

COPPA, the Children's Online Privacy Protection Act (15 U.S.C. §§ 6501-6506; 16 C.F.R. Part 312), applies if your site or app is directed to children under 13, or you knowingly collect their data. Start with a neutral age gate: ask for full birthdate or age without nudging users to claim they're 13+. Don't block solely for selecting "under 13"; instead route them to parent workflows. Collect the minimum data needed, and publish a clear, child-friendly privacy notice and parental contact options.

Before collecting personal information from a child, obtain verifiable parental consent under 16 C.F.R. § 312.5. Approved methods include small credit/debit card charge, government ID check with facial similarity, knowledgeable questions, signed consent form via fax/scan, or live video call; "email plus" is limited to internal-use data. Send direct notice to parents describing what you collect, how it's used, and their rights, per § 312.4. Keep time-stamped consent records, and allow easy review, deletion, and withdrawal.

The FTC enforces COPPA, with penalties per violation and mandated audits. Build a defensible program: conduct a COPPA risk assessment, vet adtech and SDK vendors, disable behavioral ads for under-13s, and implement data minimization, retention limits, and security (§ 312.3). Consider an FTC-approved Safe Harbor program (16 C.F.R. § 312.11). LegalDocs.ai provides age-gate language, parental consent flows, notices, vendor clauses, and audit-ready logs, so you can operationalize compliance, train staff, and respond quickly to complaints or investigations.