FTC makes COPPA exception for data collected for age verification process

Having hosted a number of events exploring the mechanics, ethics and applications of online age assurance technology, the U.S. Federal Trade Commission has issued a policy statement clarifying that websites and online services that collect personal information for the sole purpose of performing age verification will not face enforcement under the Children’s Online Privacy Protection Rule (COPPA Rule).

“To encourage the use of robust age-verification mechanisms, the Commission will not bring an enforcement action under the COPPA Rule against a Relevant Operator that collects, uses, or discloses personal information for the purpose of determining a user’s age without first obtaining verifiable parental consent,” reads the statement.

“As noted at the FTC’s recent workshop on age verification technologies, some age verification technologies may require the collection of personal information from children, prompting questions about whether such activities could violate the COPPA Rule.”

The answer is no – provided they comply with a set of conditions.

To wit, they cannot use or disclose information collected for age assurance for any other purpose. They cannot retain the data longer than necessary to complete age assurance. They must provide clear notice to parents and children of the information collected for age verification purposes, and employ “reasonable security safeguards for information collected for age verification purposes.”

Moreover, they must “disclose information collected for age verification purposes only to those third parties the operator has taken reasonable steps to determine are capable of maintaining the confidentiality, security, and integrity of the information, including by obtaining certain written assurances from those third parties,” and “take reasonable steps to determine that any product, service, method, or third party utilized for age verification purposes is likely to provide reasonably accurate results as to the user’s age.”

In other words, they must use a trusted partner whose biometric technology has been vetted for accuracy.

“Age verification technologies are some of the most child-protective technologies to emerge in decades,” says Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, in a release. “Our statement incentivizes operators to use these innovative tools, empowering parents to protect their children online.”

The policy statement also says that the Commission intends to initiate a review of the COPPA Rule to address age verification mechanisms.

Article Topics

age verification  |  biometric age estimation  |  biometrics  |  children  |  COPPA  |  data protection  |  FTC  |  regulation  |  United States