Phosra
Get Started
United States (Federal)Reintroduced in 119th Congress (S.836, 2025)

Children's Online Privacy Protection Act 2.0 (COPPA 2.0)

Extends COPPA to teens under 17, bans all targeted advertising to minors, and creates an Eraser Button for data deletion. Passed the Senate 91-3 as part of KOSMA in July 2024 (118th Congress) but the House never voted and the bill expired Jan 3, 2025. Reintroduced in the 119th Congress as S.836 (Senate, March 2025, Senators Markey & Cassidy) and H.R.6291 (House, November 2025). Not yet signed into law.

Compliance Coverage7/8

What COPPA 2.0 Requires

Key provisions of Children's Online Privacy Protection Act 2.0

Extended Age Coverage to 17

COPPA 2.0 extends the original COPPA protections from children under 13 to all minors under 17, significantly broadening the scope of covered users and the platforms subject to compliance obligations.

Ban on Targeted Advertising to Minors

All forms of behavioral and targeted advertising directed at users known to be under 17 are prohibited. Platforms may not use personal data collected from minors for advertising profiling or retargeting purposes.

Eraser Button for Data Deletion

Minors and their parents must be provided with a clear, accessible mechanism to request the deletion of all personal data collected by a platform. Platforms must honor deletion requests within a reasonable timeframe.

Data Minimization Requirements

Platforms must limit the collection of minors' personal data to what is strictly necessary for the service being provided. Excessive data collection, including behavioral tracking beyond core functionality, is prohibited.

Dedicated FTC Enforcement Division

A new division within the FTC is established specifically to enforce children's privacy protections, investigate violations, and coordinate with state attorneys general on enforcement actions.

Increased Civil Penalties

The maximum civil penalty per violation is substantially increased to create meaningful deterrence for large platforms. Penalties are assessed per affected child and can escalate for repeat offenders.

How Phosra Helps

COPPA 2.0 provisions mapped to Phosra features

Each COPPA 2.0 requirement is addressed by a specific Phosra capability. Integrate once, and your platform is covered.

Extended protection to age 17

Age Group Mapping

Phosra's age-to-rating mapping covers five rating systems (MPAA, TV, ESRB, PEGI, CSM) and applies appropriate restrictions for all minors from birth through 17 years of age.

REST API — Get age group mappings
bash
curl -G https://api.phosra.com/v1/children/ch_emma_01/age-mapping \
  -H "Authorization: Bearer sk_live_..."

Ban on targeted advertising

Targeted Ad Block

targeted_ad_block

The targeted_ad_block rule category disables behavioral advertising, ad profiling, and retargeting across all connected platforms in a single enforcement action.

REST API — Block targeted ads for minors
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_emma_01",
    "rules": ["targeted_ad_block"],
    "platforms": ["youtube", "instagram", "spotify"]
  }'

Eraser button / data deletion

Data Deletion Request

data_deletion_request

The data_deletion_request rule triggers deletion workflows on connected platforms, and child profiles can be fully removed from Phosra within 7 days via dashboard or API.

REST API — Eraser button data deletion
bash
curl -X POST https://api.phosra.com/v1/children/ch_emma_01/data-deletion \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "scope": "all_platforms",
    "include_phosra_profile": true,
    "reason": "parental_request"
  }'

Data minimization

Minimal Child Profiles

Phosra stores only first name, birth date, and age group for child profiles. No email, phone, photos, biometrics, or social identifiers are collected or transmitted to platforms.

REST API — Minimal child profile
bash
curl -G https://api.phosra.com/v1/children/ch_emma_01 \
  -H "Authorization: Bearer sk_live_..."

FTC enforcement readiness

Compliance Audit Trail

Full enforcement logging with timestamped records of every policy push, platform response, and rule change provides documentary evidence for FTC review and audit.

REST API — COPPA compliance audit log
bash
curl -G https://api.phosra.com/v1/enforcement/audit \
  -H "Authorization: Bearer sk_live_..." \
  -d "law=coppa_2" \
  -d "child_id=ch_emma_01" \
  -d "limit=5"

Geolocation data protection

Geolocation Opt-In

geolocation_opt_in

The geolocation_opt_in rule ensures that location tracking is disabled by default on connected platforms, requiring explicit parental authorization before any location data is collected.

MCP Tool — Enforce geolocation opt-in
bash
# MCP tool invocation
tool: trigger_child_enforcement
input: {
  "child_id": "ch_emma_01",
  "rules": ["geolocation_opt_in"],
  "scope": "all_connected_platforms"
}

Coverage Assessment

COPPA 2.0 compliance checklist

Compliance Coverage

Protections extended to minors under 17Age group mapping across 5 rating systems
Targeted advertising blocked for all minorstargeted_ad_block rule category
Data deletion mechanism availabledata_deletion_request + profile deletion API
Data minimization in child profilesMinimal profile schema (name, DOB, age group only)
Geolocation tracking disabled by defaultgeolocation_opt_in rule category
Verifiable parental consent flowParent/guardian account ownership verification
Audit trail for regulatory reviewEnforcement job logging with 1-year retention
Real-time penalty risk monitoringCompliance risk scoring (planned)

Start building COPPA 2.0-compliant features today

Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.

Get Started FreeRead the Docs