COPPA applies to commercial websites and online services (including mobile apps, talking toys, virtual assistants) directed to children under 13 that collect, use, or disclose personal information, including persistent identifiers (e.g. cookies, IP addresses, device identifiers), geolocation, voice recordings or images and videos of children.
Foreign-based websites and online services must comply with COPPA if they are directed to children in the United States, or if they knowingly collect personal information from children in the U.S. As a related matter, U.S.-based sites and services that collect information from foreign children also are subject to COPPA. Find out more here.
The GDPR is law across the EU and has been in force since May 25, 2018. It not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It requires companies to ensure they have a lawful basis for processing personal data. GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Find out more here.