Legal Landscape

The Children’s Online Privacy Protection Act (COPPA) and certain provisions of the General Data Protection Regulation (what we call GDPR-K) were created to protect the privacy of kids online. COPPA is administered by the Federal Trade Commission (FTC) and the GDPR by each EU countries’ data protection authority or DPA (it became enforceable in all EU member states in May 2018). Both laws have an extraterritorial scope, which means they are enforceable against companies based anywhere in the world to the extent they have users in the USA or EU respectively.

COPPA defines children as users of any digital service that are below the age of 13 while GDPR-K defines them as under 16.

Note that GDPR-K has been implemented in the UK via the new Data Protection Bill, and its provisions will apply in the UK irrespective of Brexit.

Further reading

For more detail on the above summary, please read our FAQ’s:

Furthermore, for an exhaustive breakdown of each law, please refer to the below reading: