United States of America: Federal Trade Commission's amended Children’s Online Privacy Protection Rule (COPPA Rule) enters into force with grace period

On 23 June 2025, the Federal Trade Commission’s (FTC) amended Children’s Online Privacy Protection Rule (COPPA Rule) enters into effect with a grace period until 22 April 2026 for operators to fully implement the Rule’s provisions. The amendments enforce new requirements for content moderation and data handling practices across websites and online services directed to children under the age of 13. The amendments introduce a definition for “mixed audience website or online service,” applying to platforms that are child-directed but do not primarily target children, and mandate the use of neutral age-screening methods before any personal information is collected, except where permitted under section 312.5(c). “Online contact information” now includes mobile telephone numbers, provided they are used solely to send text messages to parents for the purpose of initiating the parental consent process. The scope of “personal information” is expanded to cover biometric identifiers capable of automated or semi-automated recognition, such as fingerprints, retina and iris patterns, DNA sequences, and data derived from voice, gait, or facial features. Additional changes address operators’ obligations relating to notice provision, data security, retention, deletion, and the annual reporting requirements of COPPA Safe Harbour programmes.