FTC push for age verification a ‘major landmark’ for spread of the tool

Implementation of age verification technology is expected to speed up as a result of recent comments by FTC officials assuring industry that they view it as essential and are looking for ways to make it clear that using the tools does not violate child privacy regulations.

Many tech companies have long worried that by asking children to verify their ages, they could risk violating the Children’s Online Privacy Protection rule (COPPA rule), which prohibits collecting data from children under age 13 without first obtaining parental consent.

But the COPPA rule should not be an “impediment to the most child protective technology to emerge in decades,” Chris Mufarrige, director of the FTC’s Bureau of Consumer Protection, said at an agency event late last month focused on age verification. He was one of a few FTC officials at the event to hail age verification technologies as critically important to protecting kids online.

The agency is planning to draft a policy statement about how companies can use age verification without violating the COPPA rule as well as a potential amendment to the rule to make clear that age verification is not subject to the regulation under certain conditions, FTC Chair Andrew Ferguson said at the event.

Iain Corby, executive director of the Age Verification Providers Association, called the FTC officials’ comments and plans a “major landmark” in the development and spread of age verification implementation worldwide.

He noted that while many U.S. states and countries outside of the U.S. have taken steps to require age verification to access some online content, the center of gravity for the online world is Silicon Valley and seeing America’s top federal regulator heartily endorse the technology is highly consequential.

“The way America chooses to regulate big tech is almost inevitably going to become the global standard,” Corby said. “So the fact that the principal regulator in the U.S. is now backing age verification to the extent that was demonstrated in that event is very significant.”

Many large companies already have begun implementing age verification regimes. On Monday, Discord announced it will require all users to prove their age with either a selfie video or a government ID.

At least 25 U.S. states have passed laws requiring age verification to access websites deemed as including content that could harm minors, though much of that legislation has targeted pornography specifically.

In December, Australia banned social media for all users age 15 and younger. In the past few weeks, a large number of European countries, including the U.K., the Netherlands, Spain and France have said they are examining or plan to implement bans similar to Australia’s. Such bans rely on age verification to be enforced.

Corby said that many companies have already moved to adopt age verification as child safety lawsuits against online platforms and new laws mount, but that the comments from the FTC officials have “removed one major barrier to the continued momentum for age verification, which is the concern that it may somehow breach COPPA.”

Dona Fraser, senior vice president of privacy initiatives and a COPPA rule expert at BBB National Programs, agreed that the current COPPA rule is a barrier to some companies adopting age verification, making the FTC statements significant.

“Right now I think COPPA unintentionally discourages age checks, because it treats any collection of children's data as a compliance risk,” she said. “We have to allow this one time age verification and I think there needs to be a carve out” allowing for data collection just for that purpose. 

“COPPA creates this incentive to not ask [for biometric or ID data] and to just rely on self reporting age and we know that children lie about that,” she added.

Industry on alert

The FTC’s promotion of age verification first caught industry’s attention in September, when the agency for the first time expressly recommended the use of age verification as a settlement term. It was a watershed moment, observers say, and came as part of an enforcement action against Disney, which was fined $10 million for COPPA violations. 

Industry players are now grappling with how to quickly respond to the FTC’s signals on age verification, insiders say.

“Is industry paying attention?” said Stacy Feuer, senior vice president of ESRB Privacy Certified, which works with video game and toy companies to adopt and maintain lawful and responsible privacy practices. “Well, we certainly are, as the self-regulatory program for the video game and toy industries. We have been thinking a lot about these developments.”

“Many companies are expecting that age verification will move to be a front-line obligation,” she added.

The FTC can issue a policy statement quickly. An amendment to the rule will take more time. Either way, Feuer said, it is clear how things are trending.

“It's unmistakable that the FTC … [is] expecting that companies will engage in age verification of their users,” she said.

The biggest question to emerge from the FTC event is what kind of age assurance technologies will be clearly blessed and under what circumstances companies should ask for children’s data to verify age, experts said.

While many large, global companies have already implemented some form of age verification, Amelia Vance, president of the Public Interest Privacy Center, said the cost has been prohibitive for some smaller and medium sized companies — firms which will now be more likely to seriously explore implementing age verification regimes.

Companies also will be more comfortable using biometrics to verify children’s age given the FTC’s aggressive stance on the issue, she predicted. 

In the near term “you'll see a larger diversity of age verification approaches being adopted by companies.”

Having age verification endorsed at the federal level “is vital,” she said. “It's a higher level of attention.”