With the passing of the Drivers Privacy Protection Act in 1997, new precedents had been set in regard to the ability of congress to regulate information held by state agencies.

[7] After the FTC completed its investigation, it issued the "KidsCom Letter" the report stated that the data collection and use practices were indeed subject to legal action.

[12] A mandatory review of the COPPA regulations were conducted in 2005 (resulting with no changes to the original guidelines), found that there were no adverse effects to the online landscape.

[2] However, the Supreme Court ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently COPPA as well.

[26] In February 2004, UMG Recordings, Inc. was fined US$400,000 for COPPA violations in connection with a website that promoted the then 13-year-old rapper Lil' Romeo and hosted child-oriented games and activities, and Bonzi Software, which offered downloads of an animated figure "BonziBuddy" that provided shopping advice, jokes, and trivia was fined $75,000 for COPPA violations.

[27] Similarly, the owners of the Xanga website were fined US$1,000,000 in 2006 for COPPA violations of repeatedly allowing children under 13 to sign up for the service without getting their parent's consent.

ByteDance agreed to pay the largest COPPA fine since the bill's enactment and to add a kids-only mode to the TikTok app.

[34] On September 4, 2019, the FTC issued a fine of $170 million to YouTube for COPPA violations, including tracking the viewing history of minors in order to facilitate targeted advertising.

[43] In December 2012, the Federal Trade Commission issued revisions effective July 1, 2013, which created additional parental notice and consent requirements, amended definitions, and added other obligations for organizations that (1) operate a website or online service that is "directed to children" under 12 and that collects "personal information" from users or (2) knowingly collects personal information from people under 13 through a website or online service.

[47] An example, cited by the FTC, includes an operator who asks for a date of birth on a site's registration page has actual knowledge as defined by COPPA if a user responds with a year that suggests they are under 13.

[44] The definition of personal information requiring parental notice and consent before collection now includes "persistent identifiers" that can be used to recognize users over time and across different websites or online services.

[50] The FTC has asserted that COPPA applies to any online service that is directed to U.S. users or knowingly collects information from children in the U.S., regardless of its country of origin.

Delays in obtaining parental consent often result in children moving on to other activities that are less appropriate for their age or pose bigger privacy risks.

Tech journalist Larry Magid, a long-time vocal opponent of the law,[55][57][6] also notes that parents, not the government, hold the bulk of responsibility of protecting children online.

In contrast, violators of the European Union's General Data Protection Regulation (GDPR) may be fined up to 4% of their annual global revenue.

[67][68][69] With the rise of virtual education, COPPA may inadequately represent the role of administrators, teachers, and the school in protecting student privacy under the assumption of loco parentis.

[72] In 2019, the Government of the State of New York sued YouTube for violating COPPA by illegally retaining information related to children under 13 years of age.

This has met with extremely harsh criticism from the YouTube community, especially from gamers, with many alleging that the FTC of the United States intends to fine content creators $42,530 for "each mislabeled video", possibly putting all users at risk.

[73][74][75] However, some have expressed skepticism over this, feeling that the fines may actually be in reference to civil penalties, possibly intended for the site's operators and/or warranted by more serious of COPPA violations or specific cases of "mislabeling videos".

Markey and Josh Hawley introduced multiple bills (in the House in 2018 as the "Do Not Track Kids Act", and in 2019 as a Senate measure) proposing that COPPA ban the use of targeted advertising to users under 13, require personal consent before the collection of personal information from users ages 13–15, require connected devices and toys directed towards children to meet security standards and include a privacy policy disclosure on their packaging, and require services to offer an "eraser button" to "permit users to eliminate publicly available personal information content submitted by the child, when technologically feasible".

In January 2020, Bobby Rush and Tim Walberg introduced a similar house bill known as the Preventing Real Online Threats Endangering Children Today (PROTECT Kids) Act, which would extend all existing COPPA consent requirements to users under the age of 16, and explicitly add mobile apps, "precise geolocation", and biometric data to its remit.