The Federal Trade Commission recently issued amended guidance on enforcement of the requirement that websites and applications subject to COPPA, or the Children’s Online Privacy Protection Act (any website or application that directs itself to, or has actual knowledge that it collects information from, children under the age of 13), obtain “verifiable parental consent” prior to the collection and use of children’s information. The FTC has encouraged web and app developers to design new methods of verifying parental consent as long as such methods show “reasonable effort…to ensure that a parent…receives notice…and authorizes the collection, use, and disclosure…of personal information…before that information is collected”. Many early methods for obtaining verifiable parental consent revolve around the use of credit card information. In the FTC’s new guidance, the Commission has clarified that while charging a credit card may be a sufficient method (since the parent would presumably see the charge on the monthly credit card statement and thus have notice of the child’s activity), merely collecting credit card information is not sufficient. However, credit card information in connection with other verification steps may be sufficient to meet the verifiable parental consent requirement. The FTC also affirmed that mobile application developers may rely on an app store’s COPPA-compliant parental consent method, and may also rely on third-party platforms that obtain COPPA-compliant parental consent; however, the liability for obtaining verifiable parental consent still rests on the actual web or app developer, not on the developer of the third-party parental consent platform.
Leave a Reply