ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø

Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP established its industry-driven structure. In fact, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Focus on Children’s Online Privacy Protections

Strengthening protections for collection, use, and retention of children’s personal information

Columns

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights

  • Personal Information: Changes in the collection, data, use and retention of children’s personal information, including biometric identifiers.
  • Data Security and Retention:ÌýHeightened standards to show ‘reasonable needâ€� for use/retention and security based on data sensitivity.
  • Burden on Providers: Focus on parental consent, but also a shift of burden from parents to providers for safety/security.
  • States Step In: State laws and regulations can diverge from (and may expand on) federal requirements in areas such as the definition of “childâ€�, covered operators, and parental controls.

Ìý³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å³å

June 2025

Amid the ongoing push for U.S. leadership in technology innovation and heightened attention to AI, cybersecurity, and data protection, federal regulators and individual states are looking to strengthen privacy protections for children’s personal information. Examples include:

  1. A Federal Trade Commission (FTC) workshop examining children’s online safety
  2. Amendments to FTC regulations implementing the Children’s Online Privacy Protection Act (COPPA)
  3. Recent state laws and regulations covering protections such as parental consent, disclosure, and data retention

FTC Workshop

On June 4, 2025, the FTC conducted a public workshop to bring together “parents, child safety experts, and government leaders� to examine concerns related to children’s online protections, including “addictive design features,� parental authority, and exposure to “harmful content� as well as to discuss potential solutions, including age verification and parental consent requirements.

Key topics included:

  • Use of FTC’s consumer protection scope to enforce age verification and children’s privacy
  • Stronger requirements for operators to seek parental consent regarding users under the age of 13
  • Balancing protecting children’s data against competitive entrepreneurialism
  • Use of incentives before penalties for media companies to strengthen age verification
  • Partnership between the states and parents to shield children from harmful content online, as opposed to sole responsibility belonging to parents
  • Legislative efforts to increase children’s online privacy protections, such as the recently enacted Take It Down Act and other bills under consideration (e.g., COPPA 2.0, Kids Online Security Act (KOSA), App Store Accountability Act), including provisions on:
    • Minimization of data gathering from children
    • Algorithmic transparency for sites directed at children, including mixed audience sites
    • Increasing focus on state-level legislation for age verification
  • Gaps in regulation for teenagers (users between the ages of 13 and 18), including parental rights to delete children’s data
  • Segregation of data for minors on separate servers from aggregated data for adult users
  • Educational plans for teaching privacy and online safety to children

Amendments to the FTC COPPA Rule

The FTC amendments to update its rule implementing the Children’s Online Privacy Protection Act (COPPA), which requires websites and online services to obtain verifiable parental consent before collecting, using, or disclosing the personal information of children under 13 years of age. The final amendments are generally the same as previously proposed (read the ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Alert), though provisions related to education technology and the role of schools were deferred in anticipation of future rulemaking by the Department of Education under the Family Educational Rights and Privacy Act (FERPA).

The amendments become effective June 23, 2025, with compliance required by April 22, 2026 (though certain provisions related to COPPA Safe Harbor Programs have earlier compliance dates (e.g., 90 days and six months after publication of the final rule.))

The amendments include:

Topic

Description

Definition of "Personal Information"

Ìý

Expanded to include government-issued identifiers and biometric identifiers such as fingerprints, handprints, retina and iris patterns, DNA sequences, voiceprints, and gait patterns.

Exception from prior parental consent provided for collection of audio files containing a child's voice and no other personal information for purposes of responding to a request.

Third-Party Data Sharing

Requirement for separate parental consent before disclosing children's personal information to third-party companies for targeted advertising or other purposes.

Data Security Programs

Requirement for operators to establish, implement, and maintain a written information security program to protect personal information.

No need for a separate policy for children's data if an existing policy meets the requirements.

Data Retention/Deletion

Requirement for operators to retain personal information collected from children only for as long as necessary to fulfill the original purpose for collecting it; data may not be retained indefinitely.

A written data retention policy must set forth the purposes for which the information is collected, the business purpose for retaining it, and the timeframe for deleting it.

Parental Consent

New methods to obtain verifiable parental consent, including:
  • Text messages paired with additional verification steps (in certain conditions)
  • Knowledge-based authentication (e.g., questions)
  • Facial identification matches with government-IDs

Mixed-Audience Sites

Definition of mixed-audience to include sites:

  • Directed to children but not targeting children as primary audience.
  • Do not collect personal information before determining if the visitor is a child.

Retention of the “two-step� process for determining a “mixed audience� site.

Parental consent exceptions apply to mixed audience sites.

Age-Gating

Mixed audience sites and services may collect personal information for the limited purposes of determining visitor age.

Age-gating (asking user for their age) must not default to a set age or encourage falsification of age information.Ìý

Safe Harbor Program

Program participants must publicly disclose membership lists.

Enhanced reporting to the FTC, including an independent assessment of compliance with the program guidelines, a description of the business model, consumer complaints received, and disciplinary actions taken.


State Laws and Regulations

States are actively introducing laws and regulations to protect children (up to 13 years of age) and minors/teens (13-17 years of age) and their personal information on social media, gaming platforms, and other digital services. These protections vary by state and may include: Ìý

Topic

Description

Parental Consent and Age Thresholds

Verifiable parental consent required for online activity of children between the ages of 13 and 17 (age thresholds vary by state), including:

  • Collection and use of data
  • Push feeds and notifications
  • Unsolicited direct messaging
  • Targeted advertising, algorithmic recommendations

More than 20 states have implemented identity verification protections (e.g., AL, KS, TN, VA).

Notice and Data Management

Standards for use of children’s data, including age-appropriate and concise notices and detailed transparency about ads and data handling practices (e.g., IL).

Requirements around retaining children’s data, including data minimization, retention, and prompt deletion, limiting data collection to what is necessary and requiring deletion once the data are no longer needed (e.g., OH).

Enforcement

Enforcement mechanisms for violations of children’s privacy laws, e.g., laws in FL, IL, NY, VA authorize civil penalties.

Dive into our thinking:

Focus on Children’s Online Privacy Protections

Strengthening protections for collection, use, and retention of children’s personal information

Download PDF

Explore more

Points of View
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Points of View

Insights and analyses of emerging regulatory issues and their impact.

Read more
Regulatory Insights View
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Regulatory Insights View

Series covering regulatory trends and emerging topics

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Regulatory Alerts

Quick hitting summaries of specific regulatory developments and their impact.

Read more

Get the latest from ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.

Subscribe

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal, U.S. Regulatory Insights & Compliance Transformation Lead, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP
Read bio
Image of Orson Lucas
Orson Lucas
Principal, Advisory, Cyber Security Services, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø US
Read bio
Image of Amy S. Matsuo
Amy S. Matsuo
Principal, U.S. Regulatory Insights & Compliance Transformation Lead, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP
Read bio
Image of Orson Lucas
Orson Lucas
Principal, Advisory, Cyber Security Services, ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø US
Read bio

Thank you

Thank you for signing up to receive Regulatory Insights thought leadership content. You will receive our next issue when we publish.

Get the latest from ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments. Get the latest perspectives on evolving supervisory, regulatory, and enforcement trends.Ìý

To receive ongoing ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø Regulatory Insights, please submit your information below:
(*required field)

By submitting, you agree that ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP may process any personal information you provide pursuant to ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP's .

An error occurred. Please contact customer support.

ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø. Make the Difference.


Some or all of the services described herein may not be permissible for ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters� subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

©Ìý2025 ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP, a Delaware limited liability partnership and a member firm of the ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø global organization of independent member firms affiliated with ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø global organization please visitÌý.

Thank you!

Thank you for contacting ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø.ÌýWe will respond to you as soon as possible.

Contact ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø

Use this form to submit general inquiries to ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø. We will respond to you as soon as possible.

By submitting, you agree that ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP may process any personal information you provide pursuant to ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø LLP's .

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø can help assist you with.

Office locations

View locations

International hotline

You can confidentially report concerns to the ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline