No laws are being changed, but the move is apparently designed to “encourage the use of age verification technologies”, and create an environment where sites and services online can more easily employ restrictive age checks that may violate the letter of the law.
If you’ve ever been thinking about legally implementing questionable age restriction technology on a website, in other words, now is the time to try it. The FTC now says it won’t enforce its rules against collecting children’s data as long as you use their data only for age verification and not for anything else.
The Children’s Online Privacy Protection Rule (COPPA), passed in 1998, does not have a regulation directly governing age restriction rules. It focuses on what data a site can collect about children under 13 without parental permission. For example, in 2019, Google was fined $170 million for collecting data on children using YouTube and using it for ad targeting – a COPPA violation.
So if you’ve ever wondered why a popup asking when you were born, and enforced only by the honor system, is the only thing standing between you and an evil, evil website about beer, the answer is COPPA. Simply asking someone to self-report their age doesn’t actually create enough personal data that an advertiser would be tempted to buy it.
But last month, the FTC held a virtual event called an “Age Verification Workshop,” which featured panels with titles like “Navigating the Regulatory Maze of Age Verification.” The FTC’s description says the program will focus on “the interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA rule).”
Legal commentators at law firm Wiley Rein, who attended the meeting, wrote that FTC Chairman Andrew Ferguson said during the event, “A potential amendment to our own COPPA rulemaking that would bring age verification technologies into compliance with COPPA” should be expected soon.
However, this latest development is not a regulatory amendment or rollback. In a press release, the FTC says it will essentially look the other way at data-gathering technology, as long as it is simple enough, not retained unnecessarily long, disclosed only to (obviously) trusted third parties, used in conjunction with parental notification, and kept secure.
“In the coming months, the Commission intends to initiate a review of the COPPA rule to address the age-verification mechanism,” the policy statement said. Therefore, this rule may be further relaxed soon.
<a href