As early as the late 90s, parents have recognized the potential dangers of letting their children explore the internet unsupervised. Not only does the internet play host to plenty of potentially inappropriate content, but the rise of social media platforms, eCommerce, and widespread digital advertising means that there’s always someone looking to keep track of your personal information. This has led to widespread issues, from illegal data sharing to identity theft.

These concerns have led to the creation of laws designed to protect people’s privacy, especially those of children. One example of this is the Children’s Online Privacy Protection Act (or COPPA). An early attempt to curb online data collection, it set various requirements for websites in regard to how it managed the personal information of younger internet users. However, while COPPA was made with the best of intentions, it has had a relatively limited impact, leaving parents as the main arbiter of their children’s online safety.

What Is COPPA?

The Children’s Online Privacy Protection Act of 1998 is a United States federal law, that went into effect on April 21, 2000. It was designed to limit the online collection of personal information belonging to children under 13 years of age. The law includes various requirements for websites’ privacy policies, including when and how to seek consent from a parent or guardian, along with what responsibilities an operator has to protect children’s privacy and safety online.

In September 2011, further revisions to the COPPA rules were proposed, mandating that any data obtained from children be retained only for the amount of time necessary to achieve the purpose that it was collected for. Also, it added requirements that website operators must ensure that any third parties to whom a child’s information is disclosed have procedures in place to protect the information.

Why COPPA Isn’t Enough

One of the chief problems with COPPA is that it offers very certainty in terms of how to actually enforce its rules. There have certainly been attempts to meaningfully enforce the law: in 2019, the government of New York sued YouTube for violating COPPA by illegally retaining information related to children under 13 years of age, which resulted in the service dividing its content strictly into “for kids” and “not for kids.” Yet these efforts drawn harsh criticism on both ends of the spectrum, with content creators expressing concerns for lost revenue due to fines for “mislabeled videos” and parents arguing that the “solution” does little to keep children safe.

The fact is that while the goals of COPPA are admirable, the protections they are offer are difficult to implement in a meaningful way. Social media platforms and other websites might require that children get an adult’s permission before they can start collecting data on them, but there is nothing in place to stop a child from access the website without their permission. Additionally, even if websites deny access to anyone under the age of 13, age fraud is both surprisingly common and difficult to prevent. Simply put, even if websites are serious about keeping kids safe online, they simply aren’t equipped to get the job done.

What Parents Can Do

While we should absolutely hold websites and online services responsible for the data they collect and how they use it, it is obvious that they cannot be fully trusted to protect children online, no matter what good intentions they may have. As it exists right now, COPPA just isn’t very effective, with a large number of children skirting around parental controls and ignoring the COPPA requirements in order to freely access the adult side of the internet.

Until better data privacy measures for EVERYONE become the norm, it is the duty of parents to keep their kids safe. Teach your children about the importance of data privacy and the dangers of identity theft, keep track of what websites they’re spending the most time on, and invest in online filtering software to keep them away from the shadier side of the internet. If you cannot rely on the internet to protect your kids and their data, then you must take it into your own hands.