The Children’s Online Privacy Protection Act (“COPPA”) provides a safe harbor for companies that comply with FTC-approved self-regulatory guidelines.  Since COPPA’s enactment, the FTC has approved proposals submitted by CARU, ESRB, TRUSTe, and Privo, Inc.  

Aristotle, which operates the Integrity suite of age and identity verification services, recently filed an application with the FTC to become an FTC-approved safe harbor program.  In addition to the verifiable parental consent mechanisms that are contained in the FTC’s COPPA Rule, Aristotle proposes to allow companies to obtain parental consent using the following electronic methods:

  • verifying the last four digits of the parent’s Social Security Number;
  • verifying the parent’s driver license number;
  • sending an e-mail with an electronically signed parental consent form plus verification of an attached copy of a government-issued ID;
  • sending an e-mail with an attached copy of a physically signed parental consent form;
  • using a secure website plus verification of an uploaded copy of a government-issued ID;
  • using a secure website plus verification of an uploaded copy of a physically signed parental consent form;
  • transmission and verification of a photocopy of a government-issued ID through Multimedia Messaging Service (“MMS”);
  • transmission and verification of a photocopy of a physically signed parental consent form through MMS;
  • submission of the parent’s full name, birth date, and address, verified through the use of commercially available databases;
  • submission of the parent’s full name, birth date, and location, verified through the use of commercially available databases plus the mailing of a confirming postcard to the verified address; and
  • face-to-face real-time verification through Skype or other online telephony or videoconferencing technology.

The FTC is seeking comments on Aristotle’s application.  Comments are due by August 8, 2011. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.