On November 19, 2014, the Federal Trade Commission announced that it is seeking public comment on a second proposed verifiable parental consent method by AgeCheq, an online privacy protection service. The Children’s Online Privacy Protection Act (COPPA) requires children and family-friendly website operators and app developers to (1) post privacy policies and (2) notify and obtain verifiable consent from parents prior to collecting, using, or disclosing personal information from children under the age of 13.
There are considerable challenges to obtaining verifiable consent from parents in real time–particularly for use of online services by children. The rule lays out a number of acceptable methods for gaining verifiable parental consent and includes a provision allowing parties to submit new consent methods to the FTC for approval. Age Cheq’s new proposal eliminates the need for paper signatures by providing a digitally signed parental declaration authenticated by a verification code on the parent’s mobile device.
COPPA enumerates several methods for obtaining verifiable parental consent but also provides an opportunity to request FTC approval for parental consent methods not already listed in COPPA. The FTC is particularly interested in receiving comments on 3 questions:
- Does the proposed method constitute a new methodology or is it already covered by existing methods enumerated in COPPA?
- If it is a new method, does the proposed method meet the requirements for parental consent required by COPPA, namely, will the proposed parental consent method, in light of available technology, reasonably ensure that the person providing consent is the child’s parent.
- Will the proposed method pose a risk to consumers’ personal information? If so, is that risk outweighed by the benefit to consumers and businesses of using this method?
This is the second application filed by AgeCheq for consideration by the FTC of a verifiable parental consent mechanism. The first AgeCheq proposal was denied by the FTC because the Commissioners determined that AgeCheq’s proposed mechanism describes a method already enumeratored in the Rule as a valid means of obtaining verifiable parental consent. The FTC’s letter also states that companies are free to develop common consent mechanisms without Commission approval.
Here’s AgeCheq’s existing proposal for verifiable parental consent mechanism works.
A parent registers herself and her children’s computer and mobile device(s) with a third party “common consent administrator” (CCA) that verifies the parental identity, links that verified identity to the mobile devices used by the parent’s children, an allows the parent to provide app-specific permission (or to revoke permission) on each individual device, and online service providers can embed code within their websites or apps which automatically query the CCA database to ensure parental consent was granted. If consent has not yet been granted, a verified parent must use the CCA service to review the online service provider’s services-specific privacy disclosures and affirmatively grant consent.
Do you have a comment? Act now, the comment period closes December 29, 2014.
The FTC’s draft Federal Register notice is available here.
AgeCheq’s first proposal is available at http://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-public-comment-agecheq-inc.proposal-parental-verification-method-under-coppa-rule/140825agecheqapp.pdf.
AgeCheq’s second proposal is available athttp://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-public-comment-second-agecheq-inc.proposal-parental-verification-method-under-coppa-rule/141119agecheqapplication.pdf
Revised 11/26/2014 to provide update about status of Age Cheq’s first proposal, correct the FTC Comment Deadline and facts about Age Cheq’s proposals.