Children and Teens’ Online Privacy Protection Act
- Bill Number
- S. 836
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Policy Area
- Commerce
- Status
- Passed Senate
- Latest Action
- 2026-03-16: Held at the desk.
- Last Updated
- 2026-06-11T23:26:34Z
AI-Generated Summary
Purpose
The Children and Teens' Online Privacy Protection Act (S. 836) aims to update the Children's Online Privacy Protection Act of 1998 (COPPA) by expanding privacy safeguards for children's personal information online and extending similar protections to teenagers aged 13 to 16. It seeks to limit the collection, use, and sharing of personal data by online operators, prevent targeted advertising to minors, and promote safer digital environments while allowing necessary data use for services.
Key Provisions
- Expanded Definitions: Broadens terms like "operator" to include providers of websites, online services, apps, and mobile apps that collect or allow collection of personal information from children (under 13) or teens (13-16). "Personal information" now includes identifiers like names, addresses, emails, photos, geolocation, biometrics (e.g., fingerprints or facial scans), and data linkable to minors. Excludes certain audio files used temporarily for voice commands if handled securely.
- Prohibitions on Data Practices: Bans operators from collecting personal data from minors except when necessary for a specific service or required by law. Prohibits using such data for targeted (individual-specific) advertising to children or teens, storing data abroad without notice, or retaining it longer than needed. Allows contextual advertising (based on page content, not user data) but not personalized ads based on profiles or similar groups.
- Consent and Parental/Teen Rights: Requires verifiable consent (e.g., clear authorization after notice) from parents for children or directly from teens for data collection, use, or changes in purpose. Parents and teens can request access, deletion, correction, or challenges to data accuracy. Operators must provide clear notices about data practices and secure data with reasonable protections.
- Educational Exceptions: Waives parental consent for operators under written agreements with schools, if data is used only for educational purposes and schools notify parents.
- Enforcement and Studies: Directs the Federal Trade Commission (FTC) to issue guidance on implied knowledge of a user's age (based on objective circumstances, without mandating age verification). Requires FTC reports on app oversight, enforcement actions, and complaints. Mandates a Government Accountability Office (GAO) study on teens' use of financial tech products and privacy/mental health risks.
- Safe Harbors and State Actions: Allows self-regulatory programs to offer compliance guidance. Permits states to enforce violations and enact stronger laws, but federal rules preempt conflicting state laws.
- Other Rules: Prohibits terminating services solely for data deletion requests (if possible without the data). Explores a common consent mechanism for multiple operators. Includes severability to keep the law intact if parts are invalidated.
Significant Changes to Existing Law
- Age Expansion: Extends COPPA from only children under 13 to include teens up to 16, with teens able to consent directly in some cases (unlike children, who always need parental consent).
- Broader Scope: Adds mobile and online apps to the original focus on websites/online services; expands "personal information" to cover biometrics, geolocation, and linked data; introduces "knowledge fairly implied" for age awareness (beyond "actual knowledge"), based on objective evidence like site content.
- Stricter Limits: Explicitly bans targeted advertising using minor data (previously regulated but not outright prohibited); requires data deletion after use and notice for international transfers; adds teen rights to access/delete data, mirroring but adapting parental rights.
- Regulatory Updates: Mandates FTC guidance on age inference without requiring age gates; allows service continuation post-deletion; requires analysis of impacts on small businesses under the Regulatory Flexibility Act.
Potential Impacts
- On Government Agencies: Increases FTC workload for enforcement, guidance, reports (annual on actions/complaints, one on app oversight), and feasibility studies for common consent tools. GAO must conduct a study on financial tech risks to teens. States gain enforcement powers, potentially leading to more coordinated actions.
- On Citizens: Enhances privacy for children and teens by limiting data collection and ads, giving families tools to control/delete information, and reducing risks like profiling or foreign data storage. Teens gain autonomy in consent but face bans on personalized marketing. Parents/schools must monitor agreements.
- On International Relations: Requires notice for data transfers abroad, which could affect U.S. tech firms' global operations but promotes data protection standards; no direct impact on foreign policy, though it aligns with global privacy trends (e.g., GDPR).
Main Stakeholders Affected
- Children and Teens: Primary beneficiaries through stronger data protections and rights to control personal information.
- Parents and Guardians: Gain expanded notice, consent, and review rights for children's data; must engage more with school agreements.
- Online Operators and Tech Companies: Face stricter compliance (e.g., no targeted ads, deletion requirements), especially app developers and advertisers; small entities get regulatory impact analysis.
- Educational Agencies and Institutions: Can partner with operators for ed-tech but must ensure notices and parental access under agreements.
- FTC and State Attorneys General: Lead enforcement, with states able to sue for violations.
- Financial Tech Providers: Subject to GAO scrutiny for teen privacy/mental health risks.
Notable Legal, Constitutional, or Political Implications
- Legal: Preempts conflicting state laws but allows stronger ones, fostering a federal baseline with state flexibility. Emphasizes "verifiable consent" and "objective circumstances" for age knowledge, avoiding mandatory age verification to prevent overreach. Safe harbors encourage self-regulation; severability protects the law's core.
- Constitutional: Balances privacy rights (under implied constitutional protections) with free speech by allowing age-appropriate ads and contextual ones, but bans targeted ads could face First Amendment challenges if seen as restricting commercial speech. No direct equal protection issues, as it treats children/teens differently based on age.
- Political: Builds bipartisan support for child safety online amid rising concerns over data privacy and mental health; requires congressional reports, enabling oversight. Potential for industry pushback on ad restrictions, but promotes innovation in consent mechanisms and ed-tech.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (21)
Sen. Cassidy, Bill [R-LA], Sen. Cantwell, Maria [D-WA], Sen. Schatz, Brian [D-HI], Sen. Capito, Shelley Moore [R-WV], Sen. Klobuchar, Amy [D-MN], Sen. Crapo, Mike [R-ID], Sen. Wyden, Ron [D-OR], Sen. Grassley, Chuck [R-IA], Sen. Luján, Ben Ray [D-NM], Sen. Blumenthal, Richard [D-CT], Sen. Merkley, Jeff [D-OR], Sen. Welch, Peter [D-VT], Sen. King, Angus S., Jr. [I-ME], Sen. Kelly, Mark [D-AZ], Sen. Britt, Katie Boyd [R-AL], Sen. Heinrich, Martin [D-NM], Sen. Ossoff, Jon [D-GA], Sen. Schumer, Charles E. [D-NY], Sen. Cornyn, John [R-TX], Sen. Kim, Andy [D-NJ], Sen. McCormick, David [R-PA]
Recent Actions
- 2026-03-16: Held at the desk.
- 2026-03-16: Received in the House.
- 2026-03-16: Message on Senate action sent to the House.
- 2026-03-05: Passed Senate with amendments by Unanimous Consent. (consideration: CR S860-869; text: CR S861-868)
- 2026-03-05: Passed/agreed to in Senate: Passed Senate with amendments by Unanimous Consent.
- 2026-01-27: Placed on Senate Legislative Calendar under General Orders. Calendar No. 304.
- 2026-01-27: Committee on Commerce, Science, and Transportation. Reported by Senator Cruz with amendments. With written report No. 119-99.
- 2026-01-27: Committee on Commerce, Science, and Transportation. Reported by Senator Cruz with amendments. With written report No. 119-99.
- 2025-06-25: Committee on Commerce, Science, and Transportation. Ordered to be reported with amendments favorably.
- 2025-03-04: Read twice and referred to the Committee on Commerce, Science, and Transportation.
- 2025-03-04: Introduced in Senate
Bill Versions
- Children and Teens’ Online Privacy Protection Act — issued 2026-03-05 — PDF (42 pages)
- Children and Teens’ Online Privacy Protection Act — issued 2025-03-04 — PDF (40 pages)
- Children and Teens’ Online Privacy Protection Act — issued 2026-01-27 — PDF (42 pages)