Both the Federal Trade Commission (FTC) and U.S. state attorneys general can bring COPPA enforcement actions, levying civil penalties of up to $40,654 per violation (e.g. a single user). Fines in recent years have ranged from $100,000 to $170,000,000. More information about the FTC’s COPPA enforcement actions can be found by clicking on the Case Highlights link in the FTC’s Business Center.
In the US, in particular, there is a further risk of civil lawsuits for infringement of privacy which may cite COPPA, as we’ve seen in recent cases you can review here. We should also expect to see a fresh wave of personal liability actions against company officers who fail to comply with their COPPA obligations in their businesses.
Under the GDPR, organisations can be fined up to 4% of annual global turnover or €20 million (whichever is greater). It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement. Find out more here.