An FTC regulation that makes online age restriction rules tricky in service of the wider goal of keeping companies from gathering any data about children has just been downplayed via a policy statement from the Federal Trade Commission (FTC).
No law is being changed, but the move is expressly designed to “incentivize the use of age verification technologies,” and creates an environment where sites and services can more easily employ restrictive age checks online that may arguably violate the letter of the law.
If you were ever thinking of rolling out some legally questionable age restriction tech on a website, in other words, now is the time to give it a shot. The FTC now says it won’t enforce its rules against gathering children’s data as long as you only use their data for age verification and nothing else.
The Children’s Online Privacy Protection Rule (COPPA), passed in 1998, is not a regulation meant to govern age restriction rules directly. It focuses on what data about children under 13 a site can collect without parental permission. For instance, back in 2019, Google was fined $170 million for gathering the data of children who use YouTube and using it for ad targeting—a COPPA violation.
So if you’ve ever wondered why a popup asking when you were born, and enforced only by the honor system, is the only thing standing between you and an evil, evil, website about beer, the answer is COPPA. Simply asking someone to self-report their age doesn’t really produce any data personal enough that an advertiser would be tempted to buy it.
But last month, the FTC held a virtual event called an “Age Verification Workshop” in which panels had names like “Navigating the Regulatory Maze of Age Verification.” The FTC’s description said the event would focus on the “interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA Rule).”
Legal commentators from the law firm Wiley Rein who attended the meeting wrote that Andrew Ferguson, Chairman of the FTC, said during the event “a possible amendment of our own COPPA rule that will promote the age verification technologies in compliance with COPPA” should be expected soon.
This latest development is not a regulatory amendment or rollback, however. In a press release, the FTC says it will essentially look the other way at data-gathering technology as long as it’s age-only, isn’t retained for a needlessly long time, is only disclosed to (apparently) trustworthy third parties, is used in conjunction with parental notification, and is kept safe.
“In the coming months, the Commission intends to initiate a review of the COPPA Rule to address age-verification mechanisms,” the policy statement says. So there might be a further slackening of this regulation coming soon.
