The Entertainment Software Rating Board (ESRB), in partnership with Yoti and SuperAwesome, have submitted an application to the Federal Trade Commission asking it to approve the use of “Privacy-Protective Facial Age Estimation” technology in obtaining parental consent under the Children’s Online Privacy Protection Act Rule. The FTC, in turn, is asking for public comment, including feedback about whether the proposed method meets COPPA’s requirements and whether the collection of biometric data poses a privacy risk to consumers.
The ESRB is known for its COPPA safe harbor program, while Yoti is a digital identity company, and SuperAwesome is a provider of digital engagement products for children. Yoti’s age estimation technology has been integrated into SuperAwesome’s Kids Web Services, a developer tool that facilitates parents’ authorization for the collection of their children’s personal information through a process known as “Verifiable Parental Consent”. The companies clarified that SuperAwesome is offering Yoti’s age estimation technology as one of the available age verification methods in certain countries.
COPPA mandates that online platforms and services targeted at children under the age of 13 must obtain verifiable parental consent before collecting or using any personal information from these young users. The Rule offers various accepted methods for obtaining parental consent, and it allows interested parties to propose innovative verifiable parental consent methods to the FTC for consideration and potential approval.
The safe harbor program established by the ESRB, meanwhile, is a voluntary self-regulatory initiative designed to assist companies in complying with COPPA requirements. By joining the ESRB’s safe harbor program, online platforms and services can follow a set of industry guidelines and best practices that have been pre-approved by the FTC as meeting the COPPA requirements. This means that if these companies adhere to the ESRB’s guidelines, they are deemed to be in compliance with COPPA, thus benefiting from a “safe harbor” and avoiding potential FTC enforcement actions for non-compliance.
To assess the effectiveness and compliance of the proposed age estimation technology and its impact on user privacy, the FTC has issued a Federal Register notice soliciting feedback from the public. The notice includes inquiries about whether the new mechanism aligns with existing COPPA requirements, whether it poses any potential risks to user data, including biometric information, and how it compares to other approved consent methods. Individuals have until August 21, 2023, to submit their comments, and all feedback will be made publicly available on Regulations.gov.
The FTC emphasizes that the publication of the Federal Register notice is a standard procedure required by the Rule and does not indicate any formal endorsement or approval of the proposed mechanism. The Commission will conduct a thorough review within 120 days and will provide its conclusions in writing.
July 24, 2023 – by the Mobile ID World Editorial Team