Most popular AI chatbots aren't legally allowed to be used by children under 13. That's not an opinion β it's the law. Here's what every parent should know.
What Is COPPA?
COPPA β the Children's Online Privacy Protection Act β is a US federal law that regulates how online services collect and handle personal information from children under 13. It's been around since 2000, but it's more relevant than ever in the age of AI.
In simple terms, COPPA says: if your product is directed at children or you know a user is under 13, you must follow strict rules about their data.
Similar laws exist worldwide:
- UK: Age Appropriate Design Code (Children's Code)
- EU: GDPR with specific provisions for children (typically under 16)
- Australia: Online Privacy Act with children's protections
Why COPPA Matters for AI
AI chatbots are uniquely problematic for children's privacy. Here's why:
Children Share Everything
When a child talks to an AI, they share freely. "My name is Emma, I'm 8, I go to Hillside Primary, my dog is called Max, and my mum and dad are getting divorced." In a single conversation, a child can reveal:
- Full name
- Age
- School
- Location
- Family situation
- Emotional state
- Friends' names
- Daily routines
AI Systems Store and Process Data
Most AI chatbots:
- Store conversation logs on remote servers
- Use conversations to improve their AI models
- May share data with third-party partners
- Retain data for extended periods
- Link conversations to user profiles
The Combination Is Dangerous
A child's natural openness plus an AI system's data appetite creates a privacy risk that COPPA was designed to prevent β just in a context the original law didn't anticipate.
What COPPA Actually Requires
For any online service directed at children under 13:
- Provide clear privacy notice β Parents must be able to understand exactly what data is collected and how it's used
- Get verifiable parental consent β Before collecting any personal information from a child
- Let parents review and delete data β Parents can see what's been collected and have it removed
- Don't condition participation on data collection β You can't force children to share more data than necessary
- Protect the data you collect β Reasonable security measures are required
- Don't retain data longer than necessary β Delete it when it's no longer needed
Are Popular AI Chatbots COPPA Compliant?
Let's be direct:
| AI Tool | COPPA Compliant | Notes | |---------|----------------|-------| | ChatGPT | β | Requires users to be 13+. Not designed for children. | | Google Gemini | β | Age requirement of 13+ (18+ in EU). | | Claude | β | Terms require users to be 13+. | | Microsoft Copilot | β | Not directed at children under 13. | | Askie | β | Built for children. COPPA compliant by design. |
The major AI chatbots handle this simply: they say "not for children under 13" in their terms of service. This technically exempts them from COPPA because they're not "directed at children."
But children use them anyway. And that's the gap that purpose-built children's AI fills.
How to Tell If an AI App Is Truly COPPA Compliant
Marketing claims aren't enough. Here's how to verify:
Check the Privacy Policy
Look for specific mentions of:
- COPPA compliance
- How children's data is handled differently from adults'
- Parental consent mechanisms
- Data deletion procedures
Red flag: If the privacy policy doesn't mention children at all, it's not designed for them.
Look for Verifiable Parental Consent
COPPA requires that parents actively consent before a child's data is collected. Methods include:
- Parental email verification
- Credit card verification (small charge)
- Phone verification
- Signed consent form
Red flag: If your child can create an account and start using the service with no parental involvement, it's probably not COPPA compliant.
Check Data Collection Practices
Ask these questions:
- Does the app collect personal information from children?
- Are conversations stored? For how long?
- Is data used for AI training?
- Is data shared with third parties?
- Can you request deletion of your child's data?
Red flag: If you can't find clear answers to these questions, assume the worst.
Look for Independent Certification
Organisations that verify children's digital safety:
- Educational App Store β Reviews and certifies children's apps
- kidSAFE Seal Program β COPPA safe harbour certification
- PRIVO β Children's privacy certification
These certifications mean an independent third party has verified the app's compliance.
The "No Data Collection" Approach
Some children's AI apps, including Askie, take a more aggressive approach: don't collect children's data at all.
This goes beyond COPPA compliance. Instead of collecting data with parental consent, they simply don't collect it. No data stored means:
- Nothing to breach
- Nothing to misuse
- Nothing for parents to worry about
- True privacy by design
This is the gold standard for children's AI privacy.
What About School Settings?
If your child uses AI at school, different rules may apply:
- Schools can consent on behalf of parents for educational purposes
- But schools must still ensure the tools they use are COPPA compliant
- Ask your child's school what AI tools they use and whether they've verified compliance
- Request copies of the school's data processing agreements with AI providers
You have the right to ask these questions and get clear answers.
What Parents Should Do
- Check before you download β Verify COPPA compliance before your child uses any AI app
- Read the privacy policy β Specifically the sections about children
- Use purpose-built children's AI β These are designed around privacy from the start
- Teach your children about privacy β Age-appropriate conversations about what to share online
- Exercise your rights β Request data deletion if your child has used a non-compliant service
- Talk to your child's school β Ensure school-provided AI tools are compliant
The Bottom Line
COPPA isn't bureaucracy β it's protection. In a world where AI systems are hungry for data and children share freely, the legal and practical safeguards around children's privacy matter more than ever.
When choosing an AI tool for your child, COPPA compliance isn't a bonus feature. It's the minimum requirement. And the best children's AI tools go beyond compliance β they simply don't collect your child's data in the first place.
Your child's conversations with AI should stay between them and the AI. Not in a database. Not in a training set. Not in a breach notification email two years from now.