Are CIPA and COPPA Still Protecting Students Online?

Source: IStock

In modern educational environments, the responsibilities of educators extend far beyond teaching academic content. They also play a critical role in safeguarding students—both in the classroom and online. As internet usage becomes a fundamental part of learning, two federal laws stand out for their focus on protecting children in digital environments: the Children’s Internet Protection Act (CIPA) and the Children’s Online Privacy Protection Act (COPPA). While these laws were foundational when introduced, their ability to keep pace with the rapidly shifting digital landscape is increasingly under scrutiny.

CIPA, enacted in 2000 and enforced by the Federal Communications Commission (FCC), requires schools receiving E-rate funding to implement internet safety policies. These policies must include technology that blocks or filters access to harmful content and provisions for monitoring students’ online behavior. Schools are also required to educate students about appropriate internet use, including online etiquette and cyberbullying prevention. However, the law does not fully address the complexities introduced by social media and mobile devices, both of which have become core parts of how young people engage online. The FCC itself acknowledged the educational benefits of digital collaboration, stating, “Students can participate in online social networks where people from all over the world share ideas, collaborate and learn new things” (FCC).

COPPA, passed in 1998 and updated in 2013, focuses on data privacy for children under 13. It prohibits online services from collecting personal information—like names, addresses, or contact details—without verified parental consent. Although its intentions are sound, the law’s enforcement mechanisms often fall short. Technology researcher danah boyd has criticized COPPA for encouraging dishonesty rather than protecting youth, pointing out that “on the internet, every child is 14.” This kind of workaround reveals how easily children can bypass age gates and access platforms never designed with their developmental needs in mind.

Furthermore, companies do not always follow the law, even when it’s clear. In 2019, the Federal Trade Commission fined YouTube and its parent company Google $170 million for violating COPPA by collecting data from children without proper consent (FTC). The case highlighted a significant gap between regulation and accountability, especially in a commercial environment driven by user data and advertising revenue.

The age threshold of 13 also deserves attention. While easy to enforce administratively, it fails to reflect the diverse levels of maturity and digital literacy among children. The Prey Project notes that digital safety cannot be standardized, as “there is no one-size-fits-all when it comes to the internet and its influence on a child.”

CIPA and COPPA have been instrumental in shaping online child protection, but I think their frameworks are outdated and no longer reflect the full scope of digital challenges students face today. Moving forward, more comprehensive policies are needed—ones that prioritize transparency, digital literacy education, and age-appropriate experiences—to ensure all students are genuinely protected and empowered online. There are also some relatively new policies, such as GDPR in the EU and CCPA in California, that are more comprehensive. Below is an infographic detailing the differences between CIPA, COPPA, FERPA, GDPR and CCPA:


Works Cited

  • Federal Communications Commission. Children’s Internet Protection Act. Federal Communications Commission, www.fcc.gov/consumers/guides/childrens-internet-protection-act. Accessed 17 Apr. 2025.
  • Federal Trade Commission. “Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law.” Federal Trade Commission, 4 Sept. 2019, www.ftc.gov/news-events/news/press-releases/2019/09/google-youtube-will-pay-record-170-million-alleged-violations-childrens-privacy-law. Accessed 17 Apr. 2025.
  • Prey Project. “The Three Laws That Protect Students’ Online Data and Privacy.” Prey Project Blog, 13 May 2023, preyproject.com/blog/en/three-laws-that-protect-students-online-data-and-privacy. Accessed 17 Apr. 2025.
  • Ardent Privacy. “The Kids Are (Not) Alright in Pandemic: Children’s Online Privacy under COPPA, FERPA, and More.” Ardent Privacy, 16 Mar. 2021, www.ardentprivacy.ai/blog/the-kids-are-not-alright-in-pandemic-childrens-online-privacy-under-coppa-ferpa-and-more/. Accessed 17 Apr. 2025.


Comments

  1. DianeApril 18, 2025 at 8:13 PM

    Hi Isaac, I agree that COPPA and CIPA have been outpaced entirely by the technological advancements of today, marking them as obsolete at worst and in need of an update at best. Either way, they need some form of a change to better reflect today's technology and the challenges that children now face when using the internet, as they are simply not the challenges that existed when these policies were first created and there's only so much they can do to account for them when they were never created to do so in the first place.

    ReplyDelete
  2. Tim MillerApril 19, 2025 at 8:23 AM

    You are right that law enforcement of these acts is lacking as it is very easy to get around age verification online. It also appears that companies can easily get out of having to verify ages and collect whatever data regardless. As you mention, these laws need to be updated because they were both introduced around 20 years ago and have only been updated about 10 years ago. The Internet has changed so much and they are each due for an update and for policies to actually be enforced.

    ReplyDelete

Post a Comment

Popular posts from this blog

Social Media Connections Puzzle!

Image
Try your hand at my Connections puzzle! I created it based on social media concepts I learned about this year. If you've ever played NYT Connections , you'll understand how to play, but if not, it's very simple:  Each group has a unique theme (e.g., types of fruit, TV shows, slang terms). To play, read all 16 words carefully and look for patterns or connections among them. Click four words you believe are related and hit “Submit.” If you’re correct, the group will be color-coded and removed. You have four incorrect guesses before the game ends. The difficulty ranges from easiest (yellow) to hardest (purple). Use logic and intuition—some connections may be tricky or deceptive. Click HERE  or on the image below to be taken to the game, and let me know how you did!
Read more

About Me

Image
              Instagram^                                Linkedin^                                      Facebook^                                   Hello all, my name is Isaac Herman and this is my 2nd semester in the MLIS degree program at Dominican University. I hail originally from Evanston, IL and am currently living in the West Loop area of Chicago. I went to my undergrad at the University of Iowa. I love Chicago, it's home and I've been living here for 8 years now (apart from a brief stint in Traverse City, Michigan for work).  For all intents and purposes I'm a pretty average guy, and talking about myself makes me uncomfortable unless I've been drinking. I worked in content ma...
Read more

Blog #5: Data Mining

Image
What a Data Mine Revealed About Me I chose the data mining exercise to see just how unsettled I could make myself. I was pleasantly surprised to find that the information about me was nothing more than I expected, and even redirected from me at some points. Let me be clear: I am not a fan of having a digital tattoo, but at the same time, I can't get off the internet. Therefore it's a necessary evil, but any time that the information actively points away from me, I consider it a victory.  Googling Myself Google.com I kept it very simple to start: I logged out of my usual Chrome profile and started with searching my name: "Isaac Herman." I was happy to see Google's AI Overview get me mixed up with another Isaac Herman due to the points I mentioned above. Still, below that, I found my LinkedIn profile, which confirmed my job and education. It was a reminder that Google's AI platform can give very different results compared to the normal web search. This reinforce...
Read more