United States of America: Children and Teens' Online Privacy Protection Act (COPPA 2.0/SB 836) including data protection requirements was reintroduced to Senate

On 4 March 2025, the Children and Teens' Online Privacy Protection Act (COPPA 2.0/SB 836) was reintroduced to the Senate. The Act aims to strengthen protections for the online collection, use, and disclosure of personal information of children and teens. The Act would further expand the definition of "operator" to include any person who operates a website, online service, online application, or mobile application that collects personal information from users. It also broadens the scope of personal information to include geolocation data, biometric information, and unique identifiers. The Act would mandate obtaining verifiable consent from parents or teens before collecting personal information and prohibit the use of such information for individual-specific advertising. It would mandate that operators provide clear and conspicuous notice about their data collection practices and obtain consent before using or disclosing personal information for any purpose that is a material change from the original purposes. The Act would also require operators to implement reasonable security practices to protect the confidentiality, integrity, and accessibility of personal information. Additionally, the Act would direct the Federal Trade Commission (FTC) to conduct studies and submit reports on the oversight and enforcement of mobile and online applications directed at children.