The EU GDPR is widely recognised as a leading standard for data protection, but when it comes to safeguarding children’s data, the United States (US) remains functionally ahead. The Children’s Online Privacy Protection Act (COPPA) is a federal law designed to safeguard the online privacy of children under the age of 13. This legislation requires website and service providers that collect, use, or disclose personal information from young users to obtain verifiable parental consent. Notably, even if privacy policies are effectively communicated to minors themselves, such disclosures do not absolve operators from liability or shield them from regulatory sanctions and penalties. Just as lawful bases for processing constitute the foundation of the GDPR in the European Union (EU), verifiable parental consent serves as the fundamental requirement under COPPA in the US.