Sponsors (2)
Introduced November 25, 2025 by Tim Walberg · Last progress November 25, 2025
The bill strengthens children's online privacy and parental/teen control across more services and data types, but it increases compliance costs, enforcement risk, and potential limits on services (and may preempt stronger state rules), shifting a trade-off between stronger protections and greater burdens on operators and regulators.
Parents and teens gain clear new rights to review, correct, delete, and refuse further collection of a teen's personal information, increasing individual control over kids' data.
Children and teens face reduced individualized profiling because operators are barred from collecting or using their personal data for targeted, individual-specific advertising.
Children, parents, and schools get broader privacy protections because the statute covers more online services and expands the definition of personal information to include biometrics and persistent identifiers.
Small app developers and operators will face higher compliance costs to meet new consent, data-handling, and security requirements, which may reduce the number of child-focused services or raise prices.
Operators that rely on individualized advertising or certain data retention/cross-border practices may have to shut down features or services for children and teens, reducing available functionality or services.
Nonprofits, some schools, and other mission-driven groups may face increased enforcement risk and legal uncertainty because broader FTC authority and expanded definitions could bring them under COPPA obligations.
Based on analysis of 6 sections of legislative text.
Broadens COPPA coverage and definitions, tightens the knowledge standard, expands what counts as children’s personal information, limits targeted advertising to kids, and requires FTC reports.
Changes to the Children’s Online Privacy Protection Act expand which online services and operators must follow the law, broaden what counts as a child’s or teen’s “personal information,” and tighten the standard for when a company is treated as knowing it collected such information. The bill also narrows the nonprofit exception, limits targeted advertising to children and teens, and creates new FTC reporting requirements on industry practices and enforcement activity. Companies that run websites, mobile apps, or online applications directed at or used by children and teens would face clearer and broader privacy obligations, while parents and kids gain stronger protections around identifiers, location, biometrics, photos, audio, and other data. The FTC must produce an enforcement report within one year and annually, and an oversight report on high‑impact child-directed social platforms within three years. The act includes a severability rule so remaining provisions stand even if part is struck down.