The FTC has denied AssertID’s request to recognize a new method for obtaining verifiable parental consent for the online collection, use, and disclosure of personal information from children under 13.  The application was the first of its kind to be filed since the FTC added a voluntary parental consent approval process to its revised rule implementing the Children’s Online Privacy Protection Act (“COPPA”).

AssertID’s parental consent product, ConsentID, verifies the parent’s identity and relationship to the child by polling the parent’s social networking connections to calculate a “trust score.”  Once the parent’s trust score meets a defined threshold, that parent can consent to the child’s use of various websites, mobile applications, and other online services.  The FTC concluded that AssertID provided insufficient evidence that the ConsentID polling process reliably predicted that the person providing consent was the child’s parent. 

In addition, the FTC emphasized that the ConsentID process could be circumvented by children who create fake social media accounts.  However, the COPPA statute clearly does not require that parental consent methods be flawless.  Rather, the COPPA statute permits “any reasonable effort (taking into consideration available technology) . . . to ensure that a parent of a child receives notice . . . and authorizes the collection, use, and disclosure, as applicable, of personal information.”  15 U.S.C. Section 6501(9)(emphasis added).  Applying this reasonableness standard, the FTC previously has recognized a number of other parental consent methods that children can circumvent with little effort, such as print-and-send forms that children themselves can print, sign, and return by mail or an electronic scan.

One other parental consent application remains pending at the FTC.  In July, Imperium sought approval for its ChildGuardOnline service, which uses a variety of different verification methods including the opportunity to respond to a number of “out of wallet” challenge questions such as pervious addresses or phone numbers. 

The FTC’s consideration of the AssertID and Imperium applications provide some insight into whether the FTC, in effect, will raise the bar for new parental consent methods or will provide sufficinet flexibility to encourage industry to develop new electronic parental consent methods that are reasonable, innovative, scalable, and parent-friendly.

While the FTC’s  process for recognizing new parental consent methods provides some insight into the types of methods the FTC is likely to conclude meet the statutory standard, businesses are not required to get pre-approval for new parental consent methods that they would like to use.  The FTC has emphasized that the pre-approval process is strictly voluntary and that any method that meets the statutory standard is legally compliant. 

Print:
EmailTweetLikeLinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.