16 CFR Part 312; Children’s Online Privacy Protection Rule Review; Project No. P104503 #00014 

Submission Number:
00014 
Commenter:
Bruce Nguyen
Organization:
Novachi Inc.
State:
California
Initiative Name:
16 CFR Part 312; Children’s Online Privacy Protection Rule Review; Project No. P104503

COPPA Rule Review, 16 CFR Part 312, Project No. P104503 The debate over the feasibility of developing a cost-effective solution for obtaining parental consent may soon resolve with a break-through technology solution. Novachi Inc. has developed a cost-effective solution for obtaining verifiable parental consent without relying on the sliding scale approach. Novachi and many institutions such as banking, state, and federal government agencies may already possess true parent and child relationship along with their online identity and contact information. These institutions may provide identity management service (IDS) to online operators through open technology standards such as OpenID or SAML. We propose that the FTC allows an option for COPPA compliant institutions having met the highest standards to provide IDS to other online operators. If an online operator utilizes exclusive IDS from COPPA complaint institutions having met the highest standards, there would be no doubt about the identity of the parent or the child accessing a network system. Compliance then becomes a simple process workflow to obtain parental consent online before granting the child access to the online service. We propose that the FTC allows IDS from COPPA compliant providers be an approved option for COPPA compliance. The direct notice to parent process is more efficient if the COPPA compliant IDS provider can obtain parental consent on its own system, whereby allowing parent to authorize a set of online services rather than once per independent online service. We propose that the FTC allows COPPA compliant IDS provider to obtain parental consent on behalf of another online service provider as long as the online service provider uses exclusive IDS from one or more COPPA compliant providers. The multiplicity of COPPA compliant IDS providers ensures market competitiveness. Any institution such as a local bank or government agency may be able to provide COPPA compliant IDS. OpenID and SAML are proven industry identity management technologies for access control across organizations. Allowing COPPA compliant IDS providers to extend service to online operators will ensure children safety with quick electronic parental consent as originally intended by the law.