Children’s online data privacy protections in the United States developed in response to concerns about risks to children’s safety and wellbeing, including exposure to data practices that commercialize children’s data, child predation, and age-inappropriate content. In 1998, lawmakers sought to put parents in control of how their children engaged with the internet by enacting COPPA, the Children’s Online Privacy Protection Act. COPPA requires that operators subject to the law obtain verifiable parental consent before collecting personal information online from children under 13, with certain exceptions.
This approach is intended to have several benefits: it provides baseline protections for kids; enables parents to tailor online experiences to their particular child’s needs rather than mandating identical treatment for all children based on age; encourages online firms to offer services to adults, children, or both; and sets reasonably clear rules for services aimed at kids.
However, COPPA’s reliance on verifiable parental consent has elicited critiques: Stakeholders from industry, academia, and civil society argue that: it can be difficult to distinguish between kids and adults online; it is harder still to establish whether a particular child is related to a particular adult, to say nothing of the nature of the relationship; parental consent mechanisms often exclude some families from online services; some parents are reluctant to provide financial or ID information that is required for some verification mechanisms to function properly; the costs and inconvenience of verification can lead families to abandon child-focused services for riskier general audience products; and these costs can spur tech firms to provide less robust offerings to children or spurn youth-directed services altogether.
The Federal Trade Commission has approved certain mechanisms for obtaining verifiable parental consent, and in the decades since COPPA’s passage, online sites and services rely on those approved mechanisms to ensure they appropriately obtain verifiable parental consent. However, these approved mechanisms do not come without challenges and emerging technologies and policy frameworks may provide an opportunity to augment or modify consent requirements.
While much attention has been given to COPPA and its challenges more broadly, the challenges surrounding verifiable parental consent have been less explored. This discussion draft seeks to outline the existing landscape of verifiable parental consent in practice. To better understand the policy considerations underpinning the verifiable parental consent requirement, the draft begins by providing an overview of COPPA’s history, introduction, and passage. The draft then explores international approaches to regulating children’s data privacy, to understand how alternative approaches developed in the wake of COPPA, as well as the tensions in reconciling those alternative approaches. Then, the draft explains COPPA’s framework, the verifiable parental consent requirement, and existing approved mechanisms. After providing this overview, the draft summarizes challenges and solutions raised by stakeholders regarding the implementation and effectiveness of verifiable parental consent.
Informed by research and insights from parents, indInformed by research and insights from parents, industry leaders, advocates, and academics, this discussion draft highlights key friction points that emerge in the verifiable consent process, including:
- Hesitancies, Privacy, and Security
- Convenience and Cost Barriers
This discussion draft is the first piece of FPF’s in-depth exploration into verifiable parental consent. The suggested solutions offered in the draft are a non-exhaustive list developed through FPF’s research and insights from stakeholders. Because this white paper is a discussion draft, we intend to develop the challenges and perspectives outlined, which will ultimately inform solutions, including a forthcoming set of best practices for industry stakeholders seeking to provide children with safe, privacy-protective experiences. We invite collaboration and input from all involved stakeholders, including parents, advocates, academia, industry, regulators, and policymakers.
View The State of Play: Verifiable Parental Consent and COPPA Press Release here.
Let’s Solve This!
FPF is calling on industry, advocates, and academics to help identify possible solutions to untangle these challenges and remove friction from the VPC flow.
Suggestions for improvements, mechanisms, and methods include incorporating the use of mobile phones for greater flexibility, leveraging major platforms to facilitate compliance, considering alternatives to credit cards, and exploring emerging technologies including implementing age assurance tools.
Please direct all comments to: [email protected] by December 15th, 2021 thank you!