Verify any claim · lenz.io
Claim analyzed
Legal“In the United States, a developer can legally show contextual (non-behavioral) advertisements in a mobile game directed to children aged 6–15 without obtaining verifiable parental consent, provided no personal data is collected or disclosed to third parties for advertising purposes.”
Submitted by Steady Koala 16cb
The conclusion
The legal rule described is substantially correct only for the under-13 portion of the audience and only under strict conditions. COPPA can allow purely contextual ads without verifiable parental consent when no personal information is collected or disclosed for advertising, but the claim overstates this as a blanket rule for ages 6–15. It also omits that persistent identifiers often count as personal information, making many ad setups more regulated than the claim suggests.
Caveats
- COPPA's parental-consent regime is centered on children under 13, so stating the rule for ages 6–15 overgeneralizes the law.
- 'No personal data' is a narrow condition: persistent identifiers used for ad serving, frequency capping, or analytics can qualify as personal information under COPPA.
- Even if parental consent is not required for a specific contextual-ad setup, other obligations may still apply, including notice, security, data minimization, retention, and operational restrictions.
Get notified if new evidence updates this analysis
Create a free account to track this claim.
Sources
Sources used in the analysis
Release of personal information means the sharing, selling, renting, or transfer of personal information to any third party. Support for the internal operations of the Web site or online service does not constitute the release of personal information to a third party. The operator of any Web site or online service directed to children or any operator that has actual knowledge that it is collecting or maintaining personal information from a child must provide notice on the Web site or online service of the types of personal information collected from children and the manner in which it is collected.
The COPPA statute and the COPPA Rule define “personal information” as individually identifiable information about an individual collected online, including first and last name, home address, email address, phone number, persistent identifiers like cookies or processor serial numbers, photographs, videos, audio files, geolocation data, and biometric data. The amended Rule expands this to include government-issued identifiers and biometric data.
§ 312.3 Regulation of unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children under 13 years of age. ... (iv) Serve contextual advertising on the website or online service or cap the frequency of advertising.
The Final Rule ushers in several important changes that will affect when child-directed sites can target advertisements to children. The Final Rule will require separate parental consent to disclose children’s personal information to advertisers and other third parties for monetary or other consideration, for targeted advertising purposes.
Child data laws, including but not limited to the Children's Online Privacy Protection Act (COPPA), impose restrictions on how data can be collected and used from age-restricted users (for example, children under the age of 13). Unity Ads provides game-level and user-level features to help publishers provide a safe and positive user experience to those users protected by relevant child data laws. Enable contextual ads and set age designations to meet COPPA and CARU requirements.
While COPPA does not prohibit advertising to children, it states that you may not collect any personal information (which includes cookies and other persistent identifiers) from children under 13 years of age without verifiable parental consent. This is intended to stop, among other things, the behavioral advertising, retargeting, and profiling of children under 13. As an advertiser, COPPA prohibits you from using any personal information collected from children without parental consent — which essentially requires you to use strictly zero-data advertising technology or certified ‘kidtech’ to deliver your advertising on a contextual basis only.
Companies must get verifiable parental consent before collecting any personal data online from children under 13. Under this exception [internal operations], companies are not required to obtain verifiable parental consent where the collection of this information from children 13 or under is solely for the above purposes. It’s important to note that this exception must be adopted with a very narrow interpretation. Moreover, companies cannot use the information you collect to contact or amass a profile about a specific person.
Authenticating users, protecting security, ensuring regulatory compliance, personalizing site content, frequency capping and serving contextual advertising are all examples of activities that would qualify [for the internal operations exemption without parental consent]. I believe contextual advertising to children will survive the most recent changes to the COPPA Rule, but it may be subject to additional limitations.
Proposed changes include expanding the definition of personal information, changes in connection with verifiable parental consent (VPC), and prohibiting. For companies that share children’s data with advertisers or third parties, the proposed changes require those companies to obtain separate VPC prior to that disclosure.
Instead, focus on contextual advertising, which delivers ads based on the content of the webpage or app without tracking the child’s personal information.
The FTC’s policy statement applies only to “general” and “mixed” audience operators of websites and online services, not operators that target children as their primary audience.
One of the most significant amendments to the COPPA Rule is the requirement of separate parental consent for certain data disclosures. The amended Rule introduces a two-step parental consent for targeted ads and updates requirements for privacy notices. However, contextual advertising that does not collect, use, or disclose personal information remains outside the scope of verifiable parental consent requirements.
The FTC's new Rule would require parental consent before their children's data can be shared with third parties for targeted advertising purposes.
Under COPPA (16 CFR § 312.5), verifiable parental consent is not required for the collection of a persistent identifier and no other personal information if solely used to support the internal operations of the website or online service, which explicitly includes 'contextual or contextual behavioral advertising where no personal information is collected' (as clarified in FTC FAQs and guidance). This applies to child-directed services, meaning non-behavioral contextual ads without personal data collection or third-party disclosure do not trigger consent requirements. Note: Age applies to under 13; claims for 6-15 may involve state laws like those in CA or proposed expansions, but federal COPPA is under 13.
It imposes significant new obligations regarding the collection, use, and disclosure of personal information from children under 13. The proposal does not eliminate the internal operations exception but adds disclosure requirements for persistent identifiers used in contextual advertising.
COPPA applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, operators of general audience sites knowing they are collecting from children under 13, and operators collecting from users of child-directed sites. Verifiable parental consent is required before collecting personal information; non-personalized contextual ads without data collection do not trigger this.
As the Commission knows, the settlement made clear that only contextual advertising done in compliance with COPPA is permissible on child-directed sites.
Under COPPA, “directed to children” status can trigger compliance obligations even if you never ask for age. If your website/app/service is directed to children under 13, you must obtain verifiable parental consent before collecting personal information. Contextual (non-behavioral) ads without personal data collection or third-party disclosure are allowed without consent, but personalized ads require it.
What do you think of the claim?
Your challenge will appear immediately.
Challenge submitted!
Expert review
How each expert evaluated the evidence and arguments
Expert 1 — The Logic Examiner
The evidence shows that under COPPA (which applies to children under 13), serving contextual ads can fall within the “support for internal operations” pathway and thus not require verifiable parental consent when no personal information is collected or disclosed to third parties for advertising (Sources 1, 3, 6, 7, 12, 16, 18), but it does not logically establish the broader claim's legality for a game directed to ages 6–15 because COPPA's cited framework does not cover the 13–15 cohort and the record provides no other governing federal rule for them (Sources 2, 3, 14). Therefore, the claim overextends the scope of the supporting legal framework (under-13) to a wider age range (6–15), making it misleading even though the under-13 subset is largely supported under the stated “no data/no disclosure” conditions.
Expert 2 — The Context Analyst
The claim omits that COPPA's verifiable parental consent regime is keyed to children under 13 (not 6–15 as a whole) and that many “contextual ads” implementations still involve collecting persistent identifiers (which COPPA treats as personal information) unless tightly limited to the internal-operations exception, so the framing can overstate how broadly and easily consent can be avoided (Sources 2, 7, 14). With that context restored, the core point is mostly correct for the under-13 subset—contextual ads can be served without VPC if no personal information is collected/used/disclosed beyond permitted internal operations—but the 6–15 framing and practical identifier caveat make the overall impression somewhat misleading (Sources 3, 12).
Expert 3 — The Source Auditor
The most authoritative, independent sources are the COPPA Rule text in eCFR (Source 1) and the Federal Register rulemaking (Source 2), which make clear COPPA's verifiable parental consent obligations are triggered by collection/use/disclosure of “personal information” from children under 13 (including persistent identifiers), while the rule text also recognizes an “internal operations” concept that can encompass serving contextual ads without disclosing personal information to third parties; secondary legal analyses (e.g., Cornell LII quoting the CFR at Source 3 and Reed Smith at Source 12) align that purely contextual, non-data ads generally do not require VPC under COPPA. However, the claim overreaches by asserting legality for a game “directed to children aged 6–15” as a whole (COPPA's child-directed/VPC regime is under-13, and the evidence pool does not supply comparably authoritative, independent legal support covering ages 13–15 or other applicable youth-privacy regimes), so the best sources only partially support the claim as stated.
Expert summary
The arguments
Two AI advocates debated this claim using the research gathered.
Argument for
Under COPPA's internal operations exception, explicitly codified in 16 CFR Part 312 (Source 1) and confirmed by multiple authoritative sources including Reed Smith (Source 12) and Cornell Law's LII (Source 3), contextual advertising that does not collect, use, or disclose personal information is expressly permitted without verifiable parental consent — a position further reinforced by the IAB (Source 6), iubenda (Source 16), and Promise Legal (Source 18). While COPPA's age threshold is technically under-13 and state laws may impose additional obligations for ages 13–15, the core federal legal framework clearly permits a developer to serve contextual, non-behavioral ads in a children's mobile game without parental consent, provided no personal data is collected or disclosed to third parties for advertising purposes, satisfying the precise conditions stated in the claim.
The Proponent's argument equivocates on the motion's scope by conceding COPPA is limited to children under 13 yet still treating COPPA's internal-operations language as sufficient to validate legality for a game “directed to children aged 6–15,” a mismatch the governing text itself makes explicit (Source 2, Federal Register; Source 3, Cornell LII). Further, the Proponent's “no personal data” premise is asserted rather than demonstrated, ignoring that COPPA defines persistent identifiers as personal information and that common ad functions (including delivery and frequency capping) routinely implicate such identifiers—meaning the claimed consent-free pathway is not established on this record even for under-13 users (Source 2, Federal Register; Source 7, CGL-LLP).
Argument against
The claim is false because it asserts legality for a game “directed to children aged 6–15,” but COPPA's child-directed regime and verifiable parental consent framework are explicitly limited to children under 13, so the motion's 13–15 cohort is outside the cited legal basis and cannot be validated by COPPA sources (Source 2, Federal Register; Source 3, Cornell LII). Moreover, even for under-13 users, COPPA defines “personal information” to include persistent identifiers (e.g., cookies/device IDs) commonly used to serve and cap ads, so the motion's blanket premise of “no personal data collected” is unrealistic and—absent proof that zero identifiers are collected—VPC obligations can still be triggered (Source 2, Federal Register; Source 7, CGL-LLP).
The Opponent's first objection commits a straw man fallacy: the claim explicitly states 'no personal data is collected or disclosed to third parties for advertising purposes,' and Source 3 (Cornell LII) and Source 12 (Reed Smith) both confirm that contextual advertising operating under precisely these conditions falls outside verifiable parental consent requirements — the Opponent's speculation about 'realistic' identifier use does not negate the legal framework governing the stated conditions. Regarding the 13–15 age cohort, the Opponent's own cited sources (Source 2, Federal Register; Source 3, Cornell LII) confirm COPPA's federal framework governs under-13 users, and the claim's broader 6–15 range is addressed by Source 14, which notes that federal COPPA compliance for the under-13 subset satisfies the core legal question, while the Opponent offers no affirmative legal authority establishing that contextual, data-free advertising to 13–15 year-olds is prohibited under any applicable federal statute.