COPPA only applies to sites that are directed towards children or have "actual knowledge" that they're collecting data from children. It's legally sufficient to ask for birthdays and refuse signups from anyone under 13.
It doesn't have to be a specific rule. You learn that the age declaration was invalid so the "§312.10 Data retention and deletion requirements" applies unless you have a verifiable parent consent.
