“COPPA, Kids’ Data & Platform Risk for U.S. CPOs and Privacy Officers”
Participants Profile
- Chief Privacy Officers, Heads of Privacy, Data Protection Officers, Legal/Compliance VPs
- Companies offering digital platforms, apps, websites, or connected devices accessible to children under 13
- U.S.-based organizations, or companies serving U.S. children under 13
Advantages
- Immediate Regulatory Clarity: Provides CPOs with a precise understanding of COPPA federal requirements, including 2025 Rule updates, parental consent, retention limits, and data-sharing obligations. Eliminates ambiguity about when and how COPPA applies to platforms accessible by children under 13.
- Practical Risk Mitigation: Offers actionable guidance for mapping children’s data flows, auditing third-party integrations, and implementing parental consent mechanisms. Helps companies prevent costly FTC enforcement actions and settlements, such as those against Cognosphere, Disney, and ongoing TikTok investigations.
Goals
- Understand COPPA’s federal requirements, (parental consent, data collection, retention, disclosure) and 2025 Rule updates.
- Recognize high-risk practices that have led to FTC enforcement (e.g., TikTok, Disney, Cognosphere).
- Map platform and data flows to identify where children’s personal information is collected or shared..
- Develop actionable compliance and mitigation strategies, to prevent enforcement or litigation exposure.
- Prepare frameworks for internal audits, vendor oversight, and executive reporting on children’s data risks.
Course Contents
| Module | Focus / Topics |
|---|---|
| Module 1: COPPA 101 Federal Requirements | Overview of federal COPPA law, FTC enforcement authority, 2025 Rule updates (biometrics, targeted advertising, retention). |
| Module 2: Case Study Deep-Dive | Recent enforcement cases: • Cognosphere / Genshin Impact ($20 M) • Disney / YouTube Children’s Content ($10 M) • TikTok / ByteDance ongoing FTC investigation. Lessons learned and risk triggers. |
| Module 3: Platform & Data Flow Risk Mapping | Identify where children’s personal information is collected across apps, web, cloud services, and third-party integrations; mapping exercise. |
| Module 4: Compliance and Mitigation Strategies | Parental consent processes, opt-in/opt-out mechanisms, retention schedules, third-party agreements, audit protocols. |
| Module 5: Executive Action Plan & Q&A | Develop a “day-1 action list” for platform owners/CPOs; include reporting to board, internal communications, and next steps. |
Instructor
Name: John P. Fortwise
U.S.-based privacy compliance expert with over 15 years of experience advising corporations on biometric data, employee privacy, and state-level privacy regulations. He has led BIPA and CUBI compliance programs for Fortune 500 companies, conducted internal audits, and represented clients in state enforcement matters. He frequently speaks at privacy conferences, publishes thought leadership on biometric risk management, and has developed corporate training programs that translate complex regulatory requirements into actionable executive strategies.
Format, Cost, Date & Inclusions
Format: Live. Online via Zoom
Price: $89
Duration and date: 2 hours from 2:30 to 4:30 pm ET, November 18, 2025
Includes:
- Certificate of Completion
- Course PDF Materials
- Access to recordings / supplementary resources
- Q&A session