Can Texting Parents for COPPA Consent Trigger TCPA Liability?
Let’s say your child wants to download Minecraft. He’s prompted to enter a parent’s phone number before proceeding, and he puts in yours. Moments later, your phone buzzes with a text asking for parental consent. While this seems like a responsible move under the Children’s Online Privacy Protection Act (COPPA), you pause. You never agreed to receive that text. Does this comply with the Telephone Consumer Protection Act (TCPA)?
Last week, the Federal Trade Commission (FTC) gave COPPA—a law many of us thought was stuck in the early 2000s—a much-needed update. One change that’s flown under the radar is the amended definition of “online contact information,” which now explicitly includes cell phone numbers.
That means operators of apps and websites can now collect a parent’s cell phone number (even if submitted by the child) and send a text asking for consent. This is permitted under COPPA as long as no personal information from the child has been disclosed and the message is strictly about obtaining verifiable parental consent.
The FTC calls this the “Text Plus” method. First, the operator sends an initial consent request via text. Then, they follow up with something additional, such as a confirmation text, a phone call, or a mailing address to ensure the person is truly the parent. Parents must also be informed that they can revoke consent at any time.
Sounds straightforward enough. But here’s the problem: this new flexibility under COPPA potentially collides with the TCPA, which governs how and when you can send texts to consumers. Under the TCPA, you need prior express consent from the subscriber or customary user to send any text using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice, even if the message isn’t promotional. For marketing texts, the law requires prior express written consent.
And here’s where things get murky: under contract law, children typically cannot give valid consent. That authority lies with the parent or legal guardian. If your child enters your phone number into a web form—like he did with Minecraft—can that input be treated as valid TCPA consent? COPPA may allow the operator to collect the number, but that doesn’t necessarily mean the text is TCPA-compliant.
At least one public commenter flagged this issue during the FTC’s rulemaking process, concerned that other laws like the federal “do-not-call” list and various state-level texting rules, could still apply, especially if the message contains anything that might be interpreted as commercial or promotional, even if that wasn’t the intent.
The FTC downplayed these concerns, noting that “these comments potentially overstate the degree of conflict,” but then emphasized that “operators and others must carefully consider and comply with all applicable state and federal laws when making decisions about whether and how to collect and use mobile telephone numbers.”
In other words, there is no safe harbor here. If you're running a children’s app or website, you're left navigating a tricky legal intersection between COPPA and the TCPA without a lot of clear road signs.
So, let’s go back to that Minecraft moment. If you’re a developer using the new Text Plus method, you can collect the parent’s phone number, but you must tread carefully. Keep the text focused solely on obtaining parental consent, and steer clear of anything that could be interpreted as advertising.
While the FTC may have updated COPPA, the TCPA remains fully in effect, and it carries serious consequences.