More objections were raised to a company’s first-of-its-kind...
More objections were raised to a company’s first-of-its-kind parental verification service proposal that would fall under an FTC safe-harbor provision of the Children’s Online Privacy Protection Act rule. Three companies participating in COPPA safe-harbor programs said in separate comments that…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
AssertID’s proposal uses an untested way of verifying the identity of a parent of a child under 13 seeking to register with a website or mobile app. The comments were posted on the agency’s website under file No. P135415 after the comment period ended Friday (http://1.usa.gov/1fcZett). Two privacy groups had also objected to the plan (CD Sept 24 p11). The companies said AssertID’s proposal to check a parent’s social network on Facebook to confirm the parent’s identity covers uncharted territory. An executive at AssertID had no response, and had said the privacy groups’ concerns weren’t based on accurate information. “Given the untested nature of the ConsentID method in practice” and “the secret nature of the formula it employs, much more detailed commentary on the validity or efficacy of the method is effectively precluded,” said Aristotle, one of five FTC-approved safe harbor providers (http://1.usa.gov/16rk8BC). “AssertID has not adequately explained how using Facebook friends can stand in for verification.” Privacy Vaults Online said social verification is a “just developing” area, and the U.S. and EU nations are debating what it is. The FTC shouldn’t “tie its decision to a proprietary method,” said the COPPA safe-harbor provider (http://1.usa.gov/18qcOlQ). The agency and National Strategy for Trusted Identities in Cyberspace “may be called upon to define exactly what social verification is and establish the parameters within which it must operate to meet the NSTIC Guiding Principles and be accepted among the United States’ global trading partners,” said Privacy Vaults. “Choosing a proprietary method at this early stage risks preempting this much larger policy discussion that is taking place on the global stage.” Veratad Technologies doesn’t think AssertID reasonably calculated its primary method, said that online age and verification provider (http://1.usa.gov/1bGxz1M). “This approach to verification is entirely reliant on self-reporting, and may be colloquially described as the ‘I am who I say I am because I said so’ approach."