Executive Summary
Today, many children’s favorite playgrounds are found online. And verifiable parental consent, or VPC, is the digital version of giving a child permission to play.
The challenges and opportunities posed by VPC have never been more important. Young people are using online services more than ever. Parents are grappling with how to protect their children best while teaching them to engage with technology in healthy ways. The Federal Trade Commission (FTC) is considering changes to the core federal law governing VPC. Companies are developing and implementing novel VPC technologies.
New laws in California, Utah, and the United Kingdom require that a range of online services begin estimating or verifying the age of users, which will invariably impact the use of VPC methods. Indeed, some of the same technologies used to establish VPC also undergird age estimation technologies required by these new laws. Stakeholders have started a robust discussion about the potential benefits of age estimation and VPC tech, the privacy risks of estimating the ages of internet users, and the trade-offs between the accuracy and invasiveness of VPC and age estimation technologies. Therefore, it is an excellent time to assess the state of play regarding VPC.
With that ambition, FPF convened industry, advocates, academics, parents, and policymakers to better understand how VPC works today, how it impacts kids’ access to online play, and the unintended consequences of VPC laws and technologies. We prepared a discussion draft of this whitepaper last fall and circulated it widely to both stakeholders and the public, inviting commentary and feedback. This is the revised version of the discussion draft: an updated analysis of the state of play.
In this paper, we examine just how much children engage with the internet, explore the history of VPC and other similar approaches around the world, do a deep dive into the contours of VPC itself, identify challenges associated with VPC, and consider some possible solutions.
Although VPC requirements have enabled millions of parents to better understand and vet their children’s online playgrounds, the VPC framework presents real challenges for young people and their guardians. The VPC process can:
- Lacks efficacy: VPC often does not work as it should. Parents can get lost in the multiple steps required and attempts to provide bona fide VPC may fail if photos of a guardian’s ID are blurry or there are other errors with VPC submissions. All too often, children figure out how to bypass VPC altogether, and parental consent is circumvented from the process intended to protect children.
- Limit accessibility: Common VPC methods, such as providing a credit card number or government-issued identification, reduce or preclude equitable access for millions of caregivers who are unbanked, undocumented, or lack government-issued identification for other reasons.
- Generate hesitancy and privacy concerns: a VPC requirement may give parents pause, causing them to worry about why the information to fulfill the requirement might be needed or even causing them to be skeptical about the motives of the digital platform. Requirements to share sensitive financial or other personal information can also leave parents concerned about potential security and privacy risks associated with that digital experience.
- Inconvenient and poses cost barriers: VPC can involve multiple steps and can be time-consuming and cumbersome. As a result, many parents do not complete the VPC process, thereby locking their children out of engaging online experiences. There is evidence that many children are thus likely to either lie about their age, try to circumvent the VPC system, and/or redirect their online play to general audience services that provide fewer privacy protections – and expose children to more age-inappropriate content – than comparable child-directed services. From a developer standpoint, VPC can be such an implementation and cost barrier for operators that many are abandoning developing experiences for children altogether.
Let’s Solve This!
This report identifies possible solutions that are worth further discussion. These include:
- New regulatory approaches, including a transition of the FTC’s approved-VPC methods list to a criteria-based framework;
- Alternative VPC methods, such as mobile phone text messaging, platform-mediated VPC, VPC during setup at the direction of a parent, and other alternatives to credit card VPC methods, including methods based on other financial instruments; and
- Amending the FTC approval process for VPC methods to promote more timely review, create an independent review panel, or implement a “regulatory sandbox” where VPC approaches could be tested and assessed.
This report is intended to help identify the challenges raised by VPC and determine what the future of parental consent could be. It is also an invitation for us to find a solution together. Let’s explore the future of play!