Every time your child watches a cartoon on a streaming app, their data is being collected. Not just what they watch - but where they pause, how long they stare at a character, even how loudly they laugh. Under U.S. law, this is supposed to be protected. That law is called COPPA. But many streaming apps still walk a thin line between convenience and compliance. And parents? Most have no idea what’s really happening behind the screen.
What COPPA Actually Requires
COPPA - the Children’s Online Privacy Protection Act - went into effect in 2000. It was designed to stop companies from collecting personal information from kids under 13 without clear, verifiable parental consent. That includes names, email addresses, location data, device IDs, and even persistent cookies that track behavior across sessions.
It sounds simple. But today’s streaming apps don’t just offer shows - they offer algorithms, recommendations, interactive ads, and in-app purchases. And many of them treat kids’ profiles like data goldmines. Under COPPA, if an app is directed at children or knowingly collects data from them, it must:
- Get written permission from a parent before collecting any personal info
- Give parents control over what’s collected and the ability to delete it
- Keep data secure and only keep it as long as necessary
- Not condition a child’s access to a service on collecting more data than needed
That last point is critical. Some apps make it impossible to use their kids’ mode unless you sign up with an email, link a payment method, or allow location tracking. That’s a violation.
How Streaming Apps Try to Get Around COPPA
Most major streaming services claim they don’t target kids directly. Instead, they say their apps are "general audience." That lets them avoid COPPA rules - even when their most popular content is cartoons, nursery rhymes, or animated movies.
Netflix, Disney+, Hulu, and Amazon Prime Video all have dedicated kids’ sections. But here’s the trick: they don’t always treat those sections like child-directed services under COPPA. They often collect device identifiers, viewing habits, and interaction data - then use that to serve ads or recommend content to adults later. Even if a child is watching a show meant for them, the data trail can follow them into their teen years.
Some apps use "age gates" - a simple dropdown asking if you’re over 13. But that’s not verification. A 7-year-old can easily pick "yes." And once they do, the app stops protecting their data. In 2023, the FTC fined a major streaming platform $10 million for exactly this: letting kids bypass age checks and then selling their viewing data to advertisers.
What Data Is Actually Being Collected?
It’s not just what they watch. Streaming apps track:
- How long a child pauses a video - which can indicate confusion or emotional response
- How often they rewind - signaling replay value or interest in a character
- Which thumbnails they click on - even if they don’t play the video
- Device type, IP address, and approximate location
- Time spent in the app, frequency of use, and session length
Some apps even use audio recognition to detect background noise - like if a parent is talking nearby. That data gets fed into machine learning models to predict what kind of content will keep kids engaged longer. The goal? More screen time. More ad impressions. More revenue.
And while COPPA bans targeted advertising to kids under 13, many apps still serve behavioral ads to the whole household. If your child watches 20 minutes of a dinosaur show, you might start seeing ads for toy stores, preschools, or family vacations. That’s not targeting the child - but it’s still using the child’s data to influence adult spending.
Parental Controls Are Not Enough
Most parents think turning on "Kids Mode" or setting a PIN is enough. It’s not. These controls only block access to adult content - they don’t stop data collection. In fact, some apps use parental controls as a signal that a child is using the app, which triggers more aggressive data gathering.
For example, Apple’s Screen Time and Google’s Family Link can limit usage, but they don’t tell you what data is being sent to Netflix or YouTube Kids. You can’t see if your child’s favorite show is being used to build a profile for targeted marketing. You can’t delete the data. You can’t even ask for it.
And many apps don’t make it easy to opt out. If you want to request your child’s data under COPPA, you often have to dig through 5 menus, fill out a form, and wait weeks for a response. Some apps don’t respond at all.
What You Can Do Right Now
You don’t need to be a tech expert to protect your child’s data. Here’s what works:
- Use separate profiles - Always create a dedicated profile for your child. Never let them use your account.
- Turn off personalized ads - In Netflix, go to Account > Profile > Playback Settings and disable "Personalized recommendations." On YouTube Kids, go to Settings > Privacy and turn off "Ad Personalization."
- Disable location services - For each app, go to your device’s settings and turn off location access for kids’ apps. Even if they’re not using GPS, IP tracking still gives away your neighborhood.
- Don’t link payment methods - Never connect a credit card to a child’s profile. Even "free" apps can trigger in-app purchases through accidental taps.
- Request data deletion - If you find out your child’s data is being stored, send a written request to the company’s privacy team. COPPA gives you the right to have it deleted. Keep a copy of the request.
There’s also a simple rule: if an app asks for your email, phone number, or name to access kids’ content - walk away. Legitimate COPPA-compliant apps don’t need that to let a child watch cartoons.
Why This Matters Beyond Privacy
It’s not just about privacy. It’s about development. Kids under 13 are still forming their sense of self. Constant tracking, algorithmic recommendations, and behavioral nudges can shape their preferences, attention spans, and even their sense of what’s normal. A child who watches only animated action shows for six months will get more of those - and fewer stories about empathy, diversity, or quiet curiosity.
And when that data gets sold or leaked, it follows them. Schools, insurance companies, and future employers may one day access digital footprints built in childhood - footprints they never agreed to leave.
The Bigger Picture: Laws Are Lagging
COPPA was written before smartphones. Before TikTok. Before AI-powered recommendation engines. The FTC has tried to update it, but progress is slow. Meanwhile, companies are spending millions on legal loopholes.
Some states, like California and New York, have passed stronger laws. California’s CCPA lets parents request data deletion from any company doing business in the state - even if they’re not based in the U.S. But enforcement is patchy. Most families don’t know their rights.
Until federal law catches up, the responsibility falls on parents. And the truth is, most streaming apps aren’t designed to protect kids. They’re designed to keep them watching.
Does COPPA apply to apps outside the U.S.?
Yes - if the app collects data from children in the U.S., COPPA applies, even if the company is based in Ireland, Canada, or Japan. Streaming services like Netflix and Disney+ must follow COPPA rules for any user under 13 who accesses the service from an American IP address or uses an American payment method.
Can I delete my child’s viewing history from streaming apps?
You can request deletion under COPPA, but most apps don’t make it easy. Netflix allows you to delete a child’s profile, which removes their watch history and recommendations. YouTube Kids lets you delete activity through your Google Account. But many apps store data indefinitely unless you formally ask for deletion. Always send a written request to their privacy department.
Are free kids’ apps safer than paid ones?
No. Free apps often collect more data because they rely on advertising revenue. Paid apps, especially those from reputable companies like PBS Kids or National Geographic, are more likely to be COPPA-compliant because they don’t need to sell data to survive. Always check the app’s privacy policy - look for phrases like "we do not collect personal information from children" or "no third-party tracking."
What happens if a streaming app violates COPPA?
The FTC can fine companies up to $50,120 per violation. In 2023, a major streaming service paid $10 million for letting children bypass age gates and collecting their data without consent. But fines don’t always fix the problem - many companies just change their wording in privacy policies and keep collecting. That’s why parental vigilance matters more than ever.
Should I avoid streaming apps altogether for my kids?
No - but be smart about it. Use apps that are transparent, have no ads, and don’t require personal info. PBS Kids, CBeebies, and the Kanopy Kids section (free with a library card) are good examples. Limit screen time, watch together when possible, and turn off recommendations after each session. You don’t have to cut out streaming - just take back control of the data.