Yesterday, the Federal Trade Commission announced that it is seeking public comment on a second verifiable parental consent method required by the Children’s Online Privacy Protection Act (COPPA). The applicant, AgeCheq, is an online privacy protection service. COPPA requires children and family-friendly website operators and app developers to (1) post privacy policies and (2) notify and obtain verifiable consent from parents prior to collecting, using, or disclosing personal information from children under the age of 13. There are considerable challenges to obtaining verifiable consent from parents in real time–particularly for use of online services by children. COPPA enumerates several methods for obtaining verifiable parental consent but also provides an opportunity to request FTC approval for parental consent methods not already listed in COPPA. The FTC is particularly interested in receiving comments on 3 questions:
- Does the proposed method constitute a new methodology or is it already covered by existing methods enumerated in COPPA?
- If it is a new method, does the proposed method meet the requirements for parental consent required by COPPA, namely, will the proposed parental consent method, in light of available technology, reasonably ensure that the person providing consent is the child’s parent.
- Will the proposed method pose a risk to consumers’ personal information? If so, is that risk outweighed by the benefit to consumers and businesses of using this method?
This is the second application filed by AgeCheq for consideration by the FTC of a verifiable parental consent mechanism. The first AgeCheq proposal provides such parental consent to online service providers through a third party. Here’s how AgeCheq’s verifiable parental consent mechanism works.
A parent registers herself and her children’s computer and mobile device(s) with a third party “common consent administrator” (CCA) that verifies the parental identity, links that verified identity to the mobile devices used by the parent’s children, an allows the parent to provide app-specific permission (or to revoke permission) on each individual device, and online service providers can embed code within their websites or apps which automatically query the CCA database to ensure parental consent was granted. If consent has not yet been granted, a verified parent must use the CCA service to review the online service provider’s services-specific privacy disclosures and affirmatively grant consent.
Do you have a comment? Act now, the comment period closes Dec. 17, 2014.
The FTC’s draft Federal Register notice is available at http://www.ftc.gov/system/files/documents/federal_register_notices/2014/11/141119agecheqcoppafrn1.pdf.
AgeCheq’s first proposal is available at http://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-public-comment-agecheq-inc.proposal-parental-verification-method-under-coppa-rule/140825agecheqapp.pdf.