FTC Invites Public Comments On COPPA Consent Method

Aug. 25 — The Federal Trade Commission is seeking public comments on a proposed verifiable parental consent method under the Children's Online Privacy Protection Rule proposed by AgeCheq Inc., the commission announced Aug. 25.

The FTC's rule implementing the Children's Online Privacy Protection Act, or COPPA Rule, (16 C.F.R. § 312), requires online sites and services that are directed at children to obtain parental permission before collecting personal information from children, the commission said in a statement. The FTC's amendments to the COPPA Rule took effect in July 2013.

Although the rule provides several acceptable methods for gaining parental consent, it also includes a provision enabling interested parties to propose new verifiable parental consent methods to the commission for approval.

The FTC has approved one other proposed verifiable parental consent method under the amended version of the COPPA rule, that of Imperium LLC in December 2013.

The commission, however, rejected a proposal by AssertID Inc. in December 2013 and found it unnecessary to approve a proposal by iVeriFly Inc. in February 2014. The FTC said AssertID's proposed method—which was based on peer verifications through a parent's social network—didn't meet the approval criteria in the COPPA Rule. The proposed consent method by iVeriFly was a variation of other consent methods already recognized by the rule or approved by the commission, the FTC decided.

Consent for Mobile Apps

According to the application by York, Pa.-based AgeCheq, its proposed parental consent method “allows a parent to curate a child's mobile application (app) experience in real-time, through automated, device-level, implementation of verified parental consent.”

According to AgeCheq, the consent method works as follows:

• “a parent personally registers him/herself and the child's device(s) with a third party common consent administrator (CCA);

• the CCA verifies parental identity through any currently enumerated method; and

• the CCA technically links the verified identity with the mobile devices used by the parent's children, thereafter allowing app-specific permission to be granted to (or revoked from) each individual device.”

While these steps are being taken, AgeCheq explained that “participating developers embed code within their apps which automatically query the CCA's database to ensure parental consent has been granted. If consent has not yet been granted, a verified parent must use the CCA service to review the developer's app-specific privacy disclosures and affirmatively grant consent.”

The FTC said it is seeking comments on:

• whether AgeCheq's proposed parental consent method is already covered by the existing methods included in the rule;

• whether the proposed method meets the rule's requirement that it be reasonably calculated to ensure that the person providing the consent is actually the child's parent;

• whether the proposed method poses a risk to consumers' information; and

• whether that risk is outweighed by the benefits of the proposed method.

Comments are due Sept. 30.

The FTC's draft Federal Register notice is available at http://www.ftc.gov/system/files/documents/federal_register_notices/2014/08/140825agecheqfrn.pdf.

AgeCheq's application to the FTC is available at http://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-public-comment-agecheq-inc.proposal-parental-verification-method-under-coppa-rule/140825agecheqapp.pdf.