COPPA
US federal law protecting the online privacy of children under 13, implemented by the FTC COPPA Rule (16 CFR Part 312, amended April 2025): notice, verifiable parental consent, parental review and deletion rights, data minimisation, security, retention limits, safe harbor, and FTC and state-AG enforcement.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
COPPA Data Security and Retention
| Code | Title |
|---|---|
| COPPA-312.10 | Data Retention and Deletion (Written Retention Policy) |
| COPPA-312.8 | Confidentiality, Security, and Integrity (Written Information Security Program) |
COPPA Enforcement and Accountability
| Code | Title |
|---|---|
| COPPA-312.11 | FTC-Approved Safe Harbor Programs |
| COPPA-312.12 | Voluntary Commission Approval Processes |
| COPPA-312.9 | Enforcement as an Unfair or Deceptive Practice |
COPPA Notice to Parents
| Code | Title |
|---|---|
| COPPA-312.3 | General Requirements: Five Core Obligations |
| COPPA-312.4a | Notice: Clear, Complete, and Understandable |
| COPPA-312.4c | Direct Notice to the Parent |
| COPPA-312.4d | Online Notice of Information Practices (Privacy Policy) |
COPPA Parental Rights and Participation
| Code | Title |
|---|---|
| COPPA-312.6 | Right of Parent to Review and Delete Information |
| COPPA-312.7 | Prohibition Against Conditioning Participation |
COPPA Scope and Applicability
| Code | Title |
|---|---|
| COPPA-312.1 | Scope and Coverage of the COPPA Rule |
| COPPA-312.2-AK | Actual Knowledge Standard for General Audience Services |
| COPPA-312.2-DTC | Child-Directed and Mixed Audience Determination |
| COPPA-312.2-OP | Operator Determination and Covered Entities |
| COPPA-312.2-PI | Personal Information Scope and Inventory |
| COPPA-312.2-SIO | Support for Internal Operations Exception Definition |
COPPA Verifiable Parental Consent
| Code | Title |
|---|---|
| COPPA-312.5-SCH | School Authorization in Lieu of Parental Consent |
| COPPA-312.5a | Verifiable Parental Consent Requirement |
| COPPA-312.5b | Approved Methods of Verifiable Parental Consent |
| COPPA-312.5c | Exceptions to Prior Parental Consent |
Your Compliance Coverage
If you comply with COPPA, you already cover:
ESRB Privacy Certified
52%
11 controls mapped
Compare →GDPR
14%
3 controls mapped
Compare →CCPA/CPRA
14%
3 controls mapped
Compare →+ 3 more: Connecticut Data Privacy Act (CTDPA) (10%), Delaware Online Privacy and Protection Act (proposed) (5%)
See all 6 mapped frameworks ↓Maps to 6 other frameworks
Frequently Asked Questions
What is COPPA?
COPPA is a compliance framework from United States with 6 domains and 21 controls. US federal law protecting the online privacy of children under 13, implemented by the FTC COPPA Rule (16 CFR Part 312, amended April 2025): notice, verifiable parental consent, parental review and deletion rights, data minimisation, security, retention limits, safe harbor, and FTC and state-AG enforcement. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does COPPA have?
COPPA has 21 controls organised across 6 domains. The largest domains are COPPA Scope and Applicability (6 controls), COPPA Notice to Parents (4 controls), COPPA Verifiable Parental Consent (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does COPPA map to?
COPPA maps to 6 other compliance frameworks. The top mapping partners are ESRB Privacy Certified (52% coverage), GDPR (14% coverage), CCPA/CPRA (14% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with COPPA compliance?
Start your COPPA compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about COPPA requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 21 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required