The Children and Teens' Online Privacy Protection Act significantly amends the existing Children's Online Privacy Protection Act of 1998 (COPPA). Its primary purpose is to extend privacy protections to individuals aged 13 through 16, now defined as teens , in addition to children under 13. The bill also expands the scope of covered entities to include operators of online applications , mobile applications , and connected devices , moving beyond just websites and online services. A key provision broadens the definition of personal information to encompass geolocation data, biometric information like fingerprints and facial templates, and persistent identifiers such as IP addresses, which can track users across platforms. Operators are now deemed to have collected information if they have "actual knowledge or knowledge fairly implied on the basis of objective circumstances " that a user is a child or teen, lowering the threshold for responsibility. This aims to prevent operators from avoiding obligations by claiming ignorance of user age. The legislation makes it unlawful to collect, use, disclose, or maintain personal information of children or teens for individual-specific advertising , with exceptions for contextual ads. It also introduces principles of data minimization , prohibiting the collection of personal information unless consistent with a transaction or service, and mandates data retention limits , requiring deletion when no longer reasonably necessary. Furthermore, operators must provide direct notice to parents or teens if their personal information is stored or transferred outside the United States. The bill strengthens the rights of parents and teens by requiring operators to provide verifiable consent for data collection and any material changes to its use. Parents, for children, and teens, for themselves, gain the right to access, delete, correct inaccurate, and refuse further collection or use of their personal information. Operators must also establish and maintain reasonable security practices to protect the confidentiality and integrity of this sensitive data. An exception to verifiable consent is provided for operators acting under written agreements with educational agencies or institutions , provided data is used solely for educational purposes and transparency is maintained. The Federal Trade Commission (FTC) is tasked with issuing guidance on determining "knowledge fairly implied" regarding user age and assessing the feasibility of a common verifiable consent mechanism . Additionally, the bill mandates FTC reports on mobile and online application oversight and enforcement, and a Government Accountability Office (GAO) study on the privacy risks for teens using financial technology products.