FTC can do better on age assurance, say privacy rights’ groups

A group of privacy organizations is lobbying for “stronger, privacy-protective age assurance standards” in the U.S. and calling for the Federal Trade Commission to revise its enforcement policy statement on age verification under the Children’s Online Privacy Protection Act (COPPA).

A release from the Center for Digital Democracy (CDD), the Electronic Privacy Information Center (EPIC), and Fairplay says the groups have sent a letter to the FTC arguing that its statement “sets a weak federal floor for age verification data practices.”

Specifically, it is concerned that the FTC “sidesteps COPPA’s core protection of requiring parental consent for data collection by allowing operators of mixed audience or general audience websites or online services to collect personal information from every user, including children, without parental consent in order to determine which users are children.”

Moreover, the policy statement’s security standards for sensitive data are weaker than the FTC’s own rules and guidance, and it “sets the bar for third-party oversight below the FTC’s own established standards.”

The groups also cite weakened data retention and deletion requirements, failure to prevent bias against different demographic groups, and an overly broad definition of age verification as concerns.

FTC letting Big Tech get away with egregious data collection

“The standards the FTC sets now will shape how age verification is implemented nationwide for years to come, whether to comply with COPPA or other frameworks,” the letter reads. “It is therefore essential that the Commission get this right.”

Katharina Kopp, director of policy for the Center for Digital Democracy, says the problem has never been identifying who’s a child. “It’s that identifying children creates obligations companies want to avoid.”

“Most major platforms, like Meta and Google, already know which of their users are children. Instead of holding the industry to the stronger requirements the FTC itself has established for children’s data and biometric data, this enforcement statement gives operators a weaker standard for collecting children’s facial scans and behavioral profiles. That is not what protecting children looks like. Families who have lost trust in the online marketplace will rightly ask whose interests is the FTC serving – parents’ or the tech giants’? The FTC must revise this policy statement without delay and proceed with COPPA Rulemaking on Age Assurance Standards.”

In short, says the trio of non-profits, the FTC hasn’t gone far enough in formalizing its commitment to support privacy preserving age assurance. “The FTC has the expertise and the authority to do better.”

Article Topics

age verification  |  biometrics  |  COPPA  |  data privacy  |  FTC  |  United States