I'm happy to answer that.
In the context of numerous client engagements, we've had to address that exact issue. The best place to start, actually, is with your reference to COPPA. Under PIPEDA, as we've heard throughout the afternoon, there's a consent-based requirement. Individuals under the age of 13 would not have the capacity to provide consent. Similar to COPPA, but without any wording, if you are 10 or 11 or 12.... Let's take an eight-year-old by way of example. You would need the consent of a guardian or a parent in order to provide the authority for that particular processing.
In common law, consent of minors generally is one of decision-making capacity, so it will be highly contextual when you get to roughly the COPPA-related age of maybe 12 or 13, all the way up to the age of majority, which varies. Legally you'll have to consider whether there's ability to even obtain context in the circumstance. Regardless, PIPEDA contains a whole suite of rules that are, as I mentioned, sectorally and otherwise agnostic.
So these rules would protect sensitive data the way they would protect any other type of sensitive data—