COPPA requires companies to obtain verifiable parental consent before collecting information from children online. As we have written, the Rule implementing the law was recently updated, and those updates went into effect in July. As part of the updates, interested entities can now ask the FTC to approve new methods of verifiable parental consent which are not already in the Rule itself. The goal with this amendment was to permit companies to think of new mechanisms for getting consent, and to let many companies take advantage of those new ideas. Already in the Rule are mechanisms like asking parents to sign and fax or PDF in a form, or having parents call and provide consent verbally. AssertID has now filed an 85 page request to the FTC asking that a mechanism it has developed, and that it describes in its application, be granted approval. The process appears to be designed for a wide number of companies to use through an API-based mechanism, and would have parents notified by email (or if the parent is pre-registered, by Facebook or text) that the operator wishes to collect information from the child. To provide consent, parents are verified by "close friends and family," according to the AssertID request. This verification is done through checking AssertID does of the individual's social media presence, creating a "trust score" (a determination of whether the social media presence is legitimate), and then asking "verifiers" to confirm the person's identity. Once the parent has been verified, he or she can manipulate the levels of consents within their AssertID parent account. The FTC is seeking public comment, including asking whether the proposed method is already covered under the existing Rule.
TIP: It is not clear if this particular proposal contains new consent mechanisms, or if it is a new twist on a combination of many existing mechanisms (parental consent through email plus, in particular). We will continue to monitor the process of this application, and it serves as a reminder to companies that the FTC is open to potential new consent mechanisms that are not currently included in the Rule – and has created a fast-track approval process for such ideas.