Skip to main content

Online games and websites for kids are everywhere these days – to the point where it’s commonplace to see toddlers playing with them, too. And while the internet often offers a positive way for children to explore and learn, privacy concerns are lurking. To help protect children’s privacy, the FTC enforces the Children’s Online Privacy Protection Act (COPPA), which requires websites and online services to obtain consent from parents before collecting personal information from kids younger than 13.

According to the FTC, i-Dressup, a website allowing users to play dress-up games, and its owners violated COPPA by collecting personal information from kids – including names, email addresses, and user names – without obtaining parental consent and failing to take reasonable steps to protect this information. This led to a breach of i-Dressup’s network in August 2016. As a result of the breach, a hacker accessed the personal information and account passwords of over two million i-Dressup users, including at least 245,000 children under 13.

So how can you protect your child online? Here are some tips:

  • Talk to your kids about what they’re doing online. Find out which games, social networking sites, and other online activities your kids are into and make sure you are comfortable with them.
  • Talk to your children about the implications of providing personal information.
  • Help your kids understand what information should stay private. Tell your kids why it's important to keep information like Social Security numbers, street addresses, phone numbers, and financial information private.
  • Learn more about how to protect your child when he’s online.
  • File a complaint with the FTC if you think a site has put your child’s privacy at risk.

0 Comments


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.