The Children’s Online Privacy Protection Act (COPPA) and certain provisions of the General Data Protection Regulation (GDPR-K) were created to protect the privacy of kids online. COPPA is administered by the Federal Trade Commission (FTC) and the GDPR by each EU countries’ data protection authority or DPA. Both laws have an extraterritorial scope, which means they are enforceable against companies based anywhere in the world if they have users in the USA or EU respectively.
COPPA defines children as users of any digital service that are below the age of 13, while GDPR-K defines them as under 16 (though this can be set lower by individual EU countries).
Note that GDPR-K has been implemented in the UK via the new Data Protection Bill, and its provisions will apply in the UK irrespective of Brexit.
For more detail on the above summary, please read our FAQ’s:
- Does COPPA or GDPR-K apply to me?
- Why is it important to be COPPA/GDPR-K compliant?
- Will GDPR-K apply to UK companies?
For an exhaustive breakdown of each law, please refer to the below reading:
For up-to-date information on important legal updates in the digital kids ecosystem, keep an eye on our blog.