With changes that should make it easier to develop child-directed apps, the Federal Trade Commission recently updated its guidance for verifying parental consent under the Children’s Online Privacy Protection Act (COPPA) by issuing three updated FAQs on “verifiable parental consent” requirements.
COPPA requires that companies obtain verifiable parental consent before they collect information about children under age 13, unless the collection fits into one of the exceptions provided by the law. Companies commonly obtain verifiable parental consent by collecting a parent’s credit card number, then charging a minimal amount, and then refunding the money.
In its revised FAQs, the FTC reiterates that the financial transaction (as described above) is one of several non-exhaustive options and that any number of methods may be used as long as they are “reasonably calculated.” The revised FAQs further state that sponsors can obtain “reasonably calculated” consent under certain circumstances by requesting a credit card number and then pairing the card number with other reliable data – such as “special questions to which only parents would know the answer” – in lieu of actually charging and then crediting a card number.
In other updates, the FTC said parental consent can be obtained through app stores as long as reasonable steps are taken by the app developer to ensure that COPPA requirements are being met and that the parent truly provides the consent. Something more than “the mere entry of an app store account number or password” must be used for verification, the agency added, such as verification of government identification or knowledge-based authentication questions. “You must also provide parents with a direct notice outlining your information collection practices before the parent provides his or her consent,” the agency added.
Relying on app stores will not alleviate companies from potential COPPA liability, however. App stores will not be liable under COPPA for failing to investigate the privacy practices of the operators for whom they obtain consent, the FTC noted, but could face potential liability under Section 5 of the Federal Trade Commission Act for deceptively misrepresenting the level of oversight provided for child-directed apps.
Industry hailed the update as a step in the right direction. “The FTC’s steps to improve clarity around COPPA removed some major obstacles that discouraged app makers from entering the children’s market,” ACT – The App Association’s executive director Morgan Reed said in a statement. “We believe now that more companies will embrace the opportunity to make engaging and educational apps for children.”
To read the FTC’s updated COPPA FAQs, click here.
Why it matters: The updated FAQ’s indicate that the FTC will work to clarify the “consent” issues and may issue additional guidelines in the future.