We got an interesting suggestion recently. “With how fast technology changes, how about building in a process so companies can see if newer methods meet the requirements of existing rules?” A related recommendation: Crowdsourcing. “The FTC could publicize an idea and get feedback from people.” We’re fans of innovation, too, which is why the Children’s Online Privacy Protection Rule includes a procedure for companies to ask if methods of getting parental consent not listed in COPPA nonetheless meet the Rule’s standards. As for crowdsourcing, we call it a notice and request for public comment — and we’ve been at it since the Truman Administration. The FTC’s approval of a verifiable parental consent method proposed by Imperium, LLC, illustrates how the agency builds these two ideas into the policy-making process.
COPPA requires certain sites to get verifiable parental consent before collecting, using or disclosing personal information from kids under 13. The Rule lists some options for how to do that, but also opens the door for companies to request FTC approval for other ways to get Mom or Dad's OK. It makes sense, doesn’t it? Rather than setting out the process in stone, COPPA was crafted with the assumption that new methods could come along that merit a close look.
Imperium recently proposed a parental consent method based on knowledge-based authentication. That’s a way to verify a user by asking challenge questions about "out-of-wallet" information — info that can’t be determined by looking through a person’s wallet and would be tough for someone else to answer correctly. The method may be new as far as COPPA is concerned, but financial institutions and credit bureaus have been using it for years.
Earlier this year, the FTC published Imperium’s proposal and asked for your feedback. Based on everything in the record, the FTC sent a letter to the company OKing knowledge-based authentication as an acceptable method for getting verifiable parental consent. But there are some caveats. The specific process needs to use multiple-choice questions with enough options to minimize the chance of lucky guessing. Also, the questions must be sufficiently tough so it’s unlikely a kid living in the household could figure out the answers.
Interested in weighing in on the next COPPA proposal? Your timing couldn’t be better. Santa Ana-based iVeriFly has asked the FTC to approve its suggested method of getting parental consent. You’ll want to read the proposal for details, but here’s what the FTC is asking:
- Is iVeriFly’s proposed method already covered by existing methods in the Rule?
- Does it meet the Rule’s requirement that it’s reasonably calculated to ensure the person giving consent is actually the kid’s parent?
- When it comes to consumers’ information, what are the risks and benefits of the proposal?
The FTC is hosting a virtual flash mob where people with opinions on the subject can gather. Actually, it’s just the link where you can file public comments by the January 21, 2014, deadline. But if it encourages public participation in the process to think of it that way, we’ll go with it.