The FTC issues a COPPA policy statement to incentivize the use of age-verification technologies to protect children online.
The Policy Statement explains how the FTC will enforce rules governing the collection, use, and disclosure of personal data to determine a user’s age.
Today, the Federal Trade Commission announced it will not take enforcement action under the Children’s Online Privacy Protection Rule (COPPA rule) against certain websites and online services that collect, use, or share posted information only to verify a user’s age using age verification technologies.
The COPPA rule requires operators of commercial websites and online services directed to children under 13, and operators with actual knowledge, to comply. They are collecting personal information from a child to provide notice of their information practices to parents and to obtain verifiable parental consent before collecting, using, or disclosing personal information collected from a child under 13.
Age verification technologies are important tools for parents who want to monitor their children’s online activities. Since the passage of COPPA in 1998, children’s use of Internet-connected devices has grown rapidly. To help parents manage these problems, some states now require certain websites and online services to use age authentication procedures. However, as discussed at the FTC’s recent workshop, some of these technologies may need to collect personal information from children, raising questions about whether this could violate COPPA.
Verification technologies are some of the most child protective technologies to emerge in decades, said Christopher Muffarrige, Director of the FTC’s Bureau of Consumer Protection. Our statement incentivizes operators to use these cutting-edge tools, empowering parents to protect their children online.
The Policy Statement says the Commission will not take enforcement action under the COPPA rule against operators of general audience or mixed audience sites and services that collect/use, or share personal information solely to determine a user’s age without first obtaining verifiable parental consent, as long as they meet certain conditions. These conditions include:
- Do not use or disclose information collected for age verification purposes for any purpose except to determine a user’s age.
- Do not retain this information longer than necessary to fulfill the age verification purposes and delete such data promptly thereafter.
- Disclosed information collected for age verification purposes only to those third parties the operator has taken responsible steps to determine are capable of protecting the confidentiality, security, and integrity of the information, including by obtaining certain written assurances from third parties.
- Provide clear notice to parents and children about the information collected for age verification.
- Employ reasonable security safeguards for information connected to age verification purposes and
- Take reasonable steps to determine that any product, service, method, or third party used for age verification is likely to provide reasonably accurate age results for the user.
The policy statement notes that the Commission plans to review the COPPA rule to address age authentication techniques. This policy will stay in effect until the Commission publishes the final rule changes in the Federal Register or decides to withdraw it.
The Commission voted 2:0 to issue the Policy Statement.
Manmeet Dhindsa from the FTC’s Bureau of Consumer Protection is the lead staff member on this issue.
The Federal Trade Commission promotes competition, protects consumers, and educates consumers. The FTC will never ask for money, threaten you, tell you to transfer money, or promise you a prize. To learn more about consumer topics, visit consumer.ftc.gov. You can also report fraud scans and bad business practices at reportfraud.ftc.gov. Follow the FTC on social media. Read about Consumer Alerts and the Business Blog and sign up for the latest FTC news and alerts.
