United States of America: Federal Trade Commission's amended Children’s Online Privacy Protection Rule (COPPA Rule) enters into force

On 23 April 2026, the Federal Trade Commission’s (FTC) amended Children’s Online Privacy Protection Rule (COPPA Rule) enters into force. All subject operators are required to comply with the Rule’s provisions by 22 April 2026. Operators must confirm that any mixed audience website or online service does not collect personal information before determining whether a visitor is under 13 years old, unless such collection falls under a permitted exception. Age-screening methods must be designed to avoid defaults or prompts that encourage the user to misrepresent their age. The use of biometric identifiers and mobile phone numbers must be limited to their defined purposes, with strict adherence to updated definitions and parental consent requirements. Entities are also required to implement appropriate measures for notice delivery, secure data handling, deletion policies, and compliance with the annual evaluation and reporting obligations for FTC-approved Safe Harbor programmes.