Skip to main content
Blog

What is COPPA? │ Creator’s Guide to Children’s Online Privacy Rules

COPPA Compliance: Is it made for kids or is it made for everyone including kids? Protect your channel from big fines and shutdowns with COPPA compliance.

With the chance to reach kids in their homes comes a pretty big responsibility. As the internet playgrounds expand, so do the rules designed to protect its youngest users.

This guide will help untangle COPPA, the Children’s Online Privacy Protection Act. We’ll detail its latest 2025-2026 changes, explain how they impact live streamers and content creators, and provide clear steps to ensure you follow the rules.

COPPA TLDR: What Creators Need to Know

The grace period for the 2025 COPPA ended April 22, 2026. If your channel isn’t compliant, you are liable for the new, higher fine brackets, so watch out for:

  • The “Aesthetic” Trap: The FTC now uses AI to scan for “child-attractive” visuals. If your 24/7 lofi or music stream uses bright anime, cozy cartoons, or plushie-style mascots, you may be automatically classified as “Child-Directed,” regardless of your intended audience.
  • Chatbot Data Collection: If your stream’s chatbot (Nightbot, Streamlabs, etc.) collects viewer emails for newsletters, Discord invites, or giveaways, you must implement an age-gate. Collecting a single email from a user under 13 without “Text Message Plus” parental consent is a violation.
  • Biometrics & VTubers: Using face-tracking or avatars for your 24/7 loops? Under the 2026 rules, facial geometry data is now “Personal Information.” Ensure your software isn’t storing this data or that your privacy policy explicitly covers its 24-hour deletion.
  • YouTube Solo-Live Rule: Remember that the minimum age for solo live streaming is now 16. If your 24/7 stream features a “host” or recurring video of a minor under 16 without a visible adult, the stream will be flagged and likely demonetized within hours.
  • The “Mixed Audience” Solution: If your content is “for everyone,” don’t risk a “General Audience” tag. Use the Neutral Age Screen method before allowing users to enter high-interaction areas like private chats or external community links.

Who pays the COPPA fines, Platforms or Creators?

The short answer is: both, but the FTC is shifting its focus on creators.

While major platforms like YouTube and TikTok are the first line of defense, the law considers a channel owner an “operator” of their own digital service. This means you are legally responsible for the data your content generates. Under the 2025-2026 enforcement standards, the responsibility is split as follows:

  • The Platform’s Job: YouTube or Twitch is liable if they have “actual knowledge” that a stream is for kids and they collect data anyway. This is why they created the “Made for Kids” (MFK) toggle—to shift that knowledge requirement onto you.
  • The Creator’s Job: You are liable if you mislabel your content. If you tell the platform your 24/7 lofi stream is “Not Made for Kids” just to keep your chat and high-paying ads, but the FTC determines your visuals (cartoons, bright colors, etc.) are “Child-Directed,” you can be fined directly.
  • The Evidence: A major turning point occurred in late 2025 when Disney was fined $10 million by the FTC specifically for mislabeling kid-directed videos on YouTube as “General Audience.” This case proved that even if the platform hosts the video, the creator is the one on the hook for the “Audience Designation.”
  • The Cost: As of 2026, the FTC can civilly penalize you up to $51,744 per violation (per individual child’s data improperly collected). For an “Always-On” stream with hundreds of viewers, those “per violation” numbers can escalate into a channel-ending debt in a single afternoon.

In short: The platform provides the tools, but you provide the “truth.” If you provide the wrong designation to the platform, you are the one the FTC will come for.

What is COPPA? The Basics of Protecting Kids Online

The Children’s Online Privacy Protection Act (COPPA) is a U.S. federal law from 1998. Its main goal is simple: protect the online privacy of children under 13. The Federal Trade Commission (FTC) issued the first COPPA Rule on November 3, 1999, which started on April 21, 2000.

COPPA applies to two main groups:

  • Businesses that run websites and online services made for children under 13.
  • Businesses that run general audience websites or online services but know they are collecting personal information from children under 13.

The basic rules of COPPA are about protecting children’s data. This means getting real parental permission before collecting personal information, limiting what data can be collected, and making sure any data gathered is secure. The FTC actively enforces COPPA. They take action against companies that don’t follow the rules.

What’s New in COPPA: Key 2025-2026 Changes

Online privacy rules keep changing. COPPA is no different. The FTC regularly reviews and updates the COPPA Rule to keep up with technology and data concerns. Most recently, big changes were published on April 22, 2025, taking effect on June 23, 2025. Businesses that must follow COPPA need to ensure full compliance with these changes by April 22, 2026.

These changes bring several important updates:

  • Broader Meaning of “Personal Information”: What counts as “personal information” has grown. It now includes things like fingerprints, facial patterns, state IDs, and birth certificates. This means more types of data need parental permission to be collected.
  • New Rules for “Mixed Audience” Services: The FTC has a new definition for “mixed audience website or online service.” This clarifies rules for sites made for children but not only for them. For creators, this means looking closer at content that might appeal to both kids and adults.
  • Better Parental Notice and Permission: The changes include stricter rules for telling parents about data collection and getting their permission. This means clearer talks with parents about how data is used and stronger ways to get their approval, including a “text message plus” consent option.
  • Holding onto Data: Stricter Rules: Businesses now face stricter rules about how long they can keep children’s data and the security steps they must take to protect it.

COPPA Rules for Live Streaming, YouTube Stations & 24/7 Channels

For content creators, record labels, music curators, and lofi channels, COPPA’s reach includes live streaming, even pre-recorded videos shown in a 24/7 channel format. Since these streams are always on, you always need to be careful.

COPPA compliance for live streaming requires an active approach. Popular platforms like YouTube, Twitch, and TikTok have their own rules influenced by COPPA (Made for kids, age checks…). If your content, even pre-recorded, is for children under 13, or if you know you’re collecting data from them, COPPA applies.

For example, a music curator running a 24/7 stream. If the visuals or music style mostly appeal to children, or if the chat involves young users, the channel could be checked by COPPA. You must carefully consider your content and who you want to watch it, for from the very start. This means making sure your content, and any interactive parts or widgets like streamelements or unified chat, match your intended audience and COPPA requirements.

COPPA & Multistreaming: Which Rules to Follow

When you multistream to YouTube, Twitch, and TikTok at the same time, COPPA views you as the operator of three separate online services simultaneously. This creates a “strictest common denominator” situation for your compliance:

  • Platforms Aren’t Synced: Marking a stream as “Made for Kids” on YouTube does not automatically protect you on Twitch or TikTok. You must manually configure the audience settings on every destination. If you forget to toggle the “13+” or “Family Friendly” settings on just one platform, you are technically in violation for that specific broadcast.
  • The Unified Chat Risk: Many multistreamers use “Combined Chat” overlays that show messages from YouTube and Twitch in a single window. If your YouTube audience is flagged as “Made for Kids” (where comments are disabled), but you are showing those same users’ data or messages in a combined chat on Twitch, you may be bypassing the platform’s safety protections and creating a liability.
  • Consistent Audience Designation: The FTC looks for consistency. If you claim your stream is for “Adults Only” on Twitch to keep your monetization, but you use a “Made for Kids” tag on YouTube for the same live feed, the FTC can use your YouTube tag as evidence that you knew the content was child-directed, making your Twitch settings look like a “deceptive pattern.”
  • Third-Party Multistreaming Tools: If you use a cloud-based multistreaming service that requires viewers to log in or provide data to interact with your stream, ensure that service is COPPA-compliant. Under the 2026 rules, you are responsible for the data practices of any tool you “plugin” to your broadcast.

How YouTube, Twitch, and TikTok Handle COPPA

Each major streaming platform has its own way of enforcing COPPA rules. Creators must understand these.

YouTube’s COPPA Rules for Creators

YouTube has been a big part of COPPA talks. In September 2019, YouTube and Google agreed to pay $170 million to settle claims they illegally collected personal information from children. This settlement changed how creators work on the platform.

Key things to know about YouTube’s COPPA rules for creators include:

  • Marking Content “Made for Kids”: Creators must say if their content is “Made for Kids” if it’s mostly for children. This setting has big effects: comments are turned off, personalized ads are stopped, and certain features like notifications and end screens are limited.
  • Age Restrictions for Live Streaming: YouTube has set the minimum age for going live to 16 years old. Children between 13 and 15 can still be in live streams, but an adult must be with them and visible in the video. This is important for any creator planning live content with minors.

What About Twitch and TikTok?

  • Twitch Streamers: Twitch has a 13+ age rule, but streamers still need to be aware of their audience and content. If a channel accidentally gets a lot of underage viewers or shows child-friendly themes, creators could change their content and interactions to avoid collecting personal information from viewers under 13.
  • TikTok Creators: TikTok has specific rules for users under 13, often putting their accounts into a restricted “TikTok for Younger Users” experience. Channel owners should keep track of changes about legal and technical issues about collecting data from underage users. TikTok’s algorithm can sometimes push content to younger audiences, so clear content labeling is always most important.

Is Your Content “Child-Directed”? How to Tell

Understanding if your content is “child-directed” is the first step to following the rules. The FTC gives criteria to help you figure this out. It’s not always about having children in your content; it’s about who your content is for.

The FTC’s criteria for “child-directed” content include:

  • Topic: Is the topic something children would like (e.g., toys, cartoons, simple lessons)?
  • Look and Feel: Does the content use bright colors, animation, or child-like styles?
  • Animated Characters: Does it feature popular cartoon characters or child-friendly mascots?
  • Music and Sound: Does the soundtrack use music popular with children or child voices?
  • Children Featured: Does the content show children a lot, especially if they are the main focus?
  • Advertisements: Are ads shown on the platform aimed at children?
  • Age of People in Content: How old do the people shown in the content seem to be?

It’s important to tell the difference between content that children like and content that is mostly for them. A video for a general audience might have some child viewers, but it’s not “child-directed” unless it meets these rules. The “mixed audience” guidance makes this even more complex, putting more responsibility on businesses to follow the rules even if children aren’t the only target.

For creators, this means regularly checking your old content and new productions. Ask yourself: “Who is this really for?” If the answer includes children under 13, you need to use COPPA-compliant practices.

Big Fines: What Happens if You Don’t Follow COPPA

Ignoring COPPA can lead to serious financial and legal consequences. The FTC means business when it comes to children’s privacy, and COPPA penalties for content creators can be substantial.

Think about these examples:

  • YouTube and Google (2019): In a big case, YouTube and Google paid a huge $170 million to settle claims that they illegally collected personal information from children without parental permission. This case made things clear across the content creation industry. This is when “made for kids” was introduced.
  • Apitor (2025): The robot toy maker Apitor faced a $500,000 fine for COPPA violations, specifically for collecting children’s data without proper parental permission. This shows that even smaller businesses must follow the rules.
  • Cognosphere (Genshin Impact, 2025): The FTC announced a $20 million settlement with Cognosphere, the maker of the popular video game Genshin Impact. The violation? Collecting personal information from children under 13 without parental permission.

Your Channel may not be liable for multi-million dollar lawsuits, but beyond big fines and possible bans, not following the rules can give your channel a bad name. Viewers, parents, and platform partners quickly lose trust in channels and brands linked to privacy violations. This can mean fewer viewers, no more ads, and even platform bans. Remember, not knowing the law is not an excuse.

How to Comply with COPPA

For “always-on” curators and music channels, compliance isn’t a one-time setting; it’s an ongoing audit of your stream’s “vibe” and its data-collection tools.

1. Implement “Neutral Age Screens”

If your stream attracts a “Mixed Audience,” you don’t have to block everyone. As of the 2026 updates, the FTC encourages neutral age verification. If you link to an external community or shop, ask for a birthdate first. The screen must be neutral and you cannot “nudge” the user by saying “You must be 13 to enter.”

2. Use the “Text Plus” Consent Flow

If you collect emails for a newsletter or “study club,” a simple checkbox is no longer enough for users under 13. You must use “Text Message Plus” or “Email Plus.” This requires a two-step verification where you notify the parent and receive a confirmatory text or call back to prove they actually gave permission.

3. Update to a “Privacy Policy 2.0”

Your policy must now include two mandatory sections required by the 2025-2026 amendments:

  • Data Retention: State exactly how long you keep viewer data (e.g., “Chat logs are deleted every 30 days”).
  • Security Program: Briefly mention the “reasonable safeguards” you use to keep viewer data safe from leaks.

4. Audit Your “Silent” Data Collectors

The biggest risk for 24/7 streams is Third-Party Widgets. Check your chatbots (Nightbot, WizeBot) and your “Song Request” overlays. If these tools scrape IP addresses or location data, you are liable. Follow the 2026 “Data Minimization” principle: only collect what is strictly necessary for the stream to function.

5. Conduct a “Visual Asset Review”

FTC AI-scanners now scan loops for “child-attractive” elements. To protect your “General Audience” status, avoid using nursery-rhyme patterns, high-pitched mascot voices, or characters from popular kids’ shows in your background animations. Ensure your aesthetic clearly signals a “teen and adult” chill/study vibe.

Planning Ahead: What’s Next for Children’s Online Privacy

The digital world is always changing, and online privacy laws will keep evolving beyond the 2026 changes.

  • Always Be Careful: Online privacy laws are not set in stone. We encourage creators to subscribe to legal updates and industry news to stay informed about possible future changes.
  • Think Privacy First: Building a “privacy-first” mindset into your content strategy and channel management is key. This means thinking ahead about who your audience is, what data you’re collecting, what your chatbots are doing, and how you’re protecting privacy, even before new laws appear.
  • Know About Global Rules: While COPPA is a U.S. law, many global privacy rules (like GDPR in Europe) might overlap or add to its requirements. If your audience is international, understanding these broader laws is crucial. Luckily, platforms will adjust their guidelines so creators can publish on most markets with the same rules.

COPPA is a critical law designed to protect children online. The recent 2025-2026 changes bring new duties for content creators, especially those running live streams and 24/7 linear content. Staying informed and active is key to avoiding big fines and keeping audience trust.

Don’t let compliance trouble stop your creativity or revenue. Explore how Upstream can simplify your multistreaming and live stream management, with fully compliant YouTube Verified servers and software.