The Children’s Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR-K)’s ‘Article 8’ were created to protect the privacy of kids online. COPPA is administered by the Federal Trade Commission (FTC) and the GDPR by each EU country’s data protection authority or DPA (it became enforceable in all EU member states in May 2018). Both laws have extraterritorial scope, which means they are enforceable against companies based anywhere in world to the extent they have users in the USA or EU respectively.
COPPA defines children as users of any digital service that are below the age of 13 while GDPR-K leaves this in the hands of EU member states to decide (ranging between <13 to <16).
Note that GDPR-K still applies in the UK irrespective of that country’s plans to leave the EU. It is therefore crucial for you to be fully compliant; not only to avoid potentially irreparable reputational damage, but also to avoid punitive penalties
- GDPR: Up to 4% of annual global turnover or €20 Million (whichever is greater).
- COPPA: Up to $40,654 (USD) per violation, e.g. a single user.