The present disclosure relates generally to the field of parental consent, e.g., for purposes of COPPA compliance, and more particularly, to a system and method which enable Internet service or content providers to verify parent or guardian consent in connection with the online collection of information from children under the age of 13 and their online participation.
The Children's Online Privacy Protection Act (COPPA) regulates the online collection of personal information from children less than 13 years of age. The primary goal of the COPPA Rule is to give parents control over what information is collected from their children online and how such information may be used. The Rule applies to operators of websites and online services directed to children under 13, as well as to general audience websites that knowingly collect personal information from children under 13.
The method currently in use for compliance is typically “email plus.” The “email plus” mechanism allows a website operator to request that the parent provide consent in an email message. However, this mechanism requires an additional step after receiving the parent's email consent to confirm that it was, in fact, the parent who provided consent (the “plus” factor). These additional steps include: (1) requesting in the initial email seeking consent that the parent include a phone or fax number or mailing address in the reply email, so that follow up is possible to confirm consent via telephone, fax, or postal mail; or (2) after a reasonable time delay, sending another, confirmatory email to the parent to confirm consent, wherein the confirmatory email contains all of the original information contained in the direct notice and informs the parent that he or she can revoke the consent as well as how to revoke the consent. This method is very open to fraud and imposes considerable administrative costs on the web site owner. In addition, the “email plus” mechanism of obtaining parental consent is only available to operators that collect personal information for internal use only.
In December 2012, the Federal Trade Commission (“FTC”) issued final amendments to the COPPA Rule, the first extensive revision by the FTC since COPPA become effective in 2000.
The FTC's amendments include the following revisions and clarifications:                Modified or expanded definitions of the terms “operator,” “personal information,” and “website or online service directed to children.”        The definition of “personal information” in COPPA has been expanded to include not only traditional data points (e.g., name, address, email address, etc.), but also IP addresses, device identifiers, website cookies, internal customer ID numbers (such as a panelist ID), geolocation information, screen names/user names, photographs, video, and audio containing a child's image or voice, and mobile device unique identifiers.        the definition of “collects or collection” has been updated to include of passively collecting personal information from children online, irrespective of the technology used and not merely personal information that is mandatory to participate.        A new compliance option is available for a subset of websites and online services that are considered “directed to children,” but do not target children as their primary audience in which the COPPA Rule applies only to visitors who self-identify as under age 13; whereas, websites or online services whose primary target audience is children must continue to presume that all users are children.        In additional to traditional websites and online services, third parties such as mobile application developers, software plug-in developers, and advertising networks that gather information from children under 13 are also responsible for obtaining parental permission before allowing children to use their services.        
Thus, it would be desirable to provide an online parental verification system and method which provides a streamlined mechanism for providing notice and obtaining parental consent as well as providing a mechanism for parents to withdraw consent or manage their children's accounts.