The U.S. Federal Trade Commission (“FTC”) has allowed the use of a new method involving the facial recognition of parents to verify that the person providing consent for a child to use an online service is indeed the child’s parent.
The Rules promulgated under the Children’s Online Privacy Protection Act (“COPPA Rule”), require websites and online services directed to children to obtain the consent of a child’s parent before collecting personal information from the child. The COPPA Rule allows parties to request the FTC’s approval of methods not currently provided for in the Rule. This provision seeks to encourage the development of new methods that provide businesses with more flexibility while ensuring parents are providing consent before collecting personal information from the children.
The COPPA Rule currently allows parents to email, fax or send electronic scans of consent forms, call specified toll-free numbers with their consent, or use their bank or credit cards for payments. One method in use involves checking government-issued identification documents submitted by parents against databases with such information. In contrast to this, the new system performs the verification entirely by face recognition technology.
The approved new system, called “face match to verified photo identification” (FMVPI), requires the parent to submit a snap of a personal photo ID (e.g. a driver’s license, passport, etc.) which is verified using image forensics technology, in order to ensure that it is a genuine government-issued document. The parent then submits a selfie, taken with a phone camera or webcam, which the system then compares using facial recognition technology to ascertain whether the person on the photo is the same person as in the second photo.
Once the verification and consent process is completed, the identification information submitted by the parent will be deleted within five minutes.