The expansive engagement of children in cyber space triggered privacy threats, but children often lack the awareness and the capacity to foresee possible consequences. The Convention on the Rights of Children reveals the importance of children's privacy protection and the most relevant domestic legislation is ＂Protection of Children and Youths Welfare and Rights Act＂ and ＂Personal Data Protection Act (PDPA)＂. Since the Protection of Children and Youths Welfare and Rights Act only regulates specific processing or using behaviors, the core collecting behaviors of children's personal data shall still be subject to the PDPA. It is controversial whether children can give valid consent to the application of the PDPA, on the other hand, it is also necessary to consider the role of parents toward the collecting of children's data. The US Federal Children's Online Privacy Protection Act and EU General Data Protection Regulation both require acquiring parental consent when collecting children's data and ensu ring the validity of the consent. Taiwan's Personal Data Protection Act was first introduced in 1996 and was significantly amended in 2010, with the amendments becoming effective in 2012. Being the basic law of data protection affairs, the PDPA did not specifically consider the protection needs of children. Considering the increasing demand for children's privacy protection, possible approaches include formulate a section law such as COPPA, or imitating GDPR to include relevant protection provisions in PDPA. By comparing the legislative background and key provisions of COPPA, the author suggests to adjust the PDPA and proposes related amendments.