Which US federal law protects the privacy of children under the age of thirteen?

The Children's Online Privacy Protection Act (COPPA) is the US federal law designed specifically to protect the privacy of children under the age of thirteen. Enacted in 1998, COPPA imposes certain requirements on operators of websites and online services directed at children. It mandates that these operators must obtain verifiable parental consent before collecting, using, or disclosing personal information from children. This includes information like names, addresses, email addresses, and other identifiable information.

COPPA's focus is to ensure that the online experience for children is safe and that parents have control over the information collected about their children, thereby laying down a framework for how children's data should be managed by online entities. The act reflects the acknowledgment of children's vulnerability online and serves to enhance their data privacy rights in an increasingly digital world.

The other laws mentioned do not focus specifically on children's privacy in the same way. For instance, PCI DSS relates to payment card transactions and security, GDPR is a comprehensive data protection regulation applicable primarily to EU residents, and CMMI is a framework for improving process and product quality in organizations, which does not address individual data privacy, especially concerning minors.