AgeCheq Proposes Central Clearinghouse for Parental Consent

Developers are facing a quandary trying to comply with the Children’s Online Privacy Protection Act (COPPA), AgeCheq CEO Roy Smith told us. Because the law’s rules require any child-focused app or website to obtain parental consent before collecting any personal information from a child, this forces developers to interact with potentially millions of parents individually, Smith said. “What the problem called for was a central clearinghouse where a parent could create one account and all the developers could go to this and provide their information just once.” That’s what AgeCheq is proposing, he said.

Center for Digital Democracy (CDD) Legal Director Hudson Kingston isn’t buying it. “This application is fluff, and whatever actual information about how the underlying technology will or will not work has been glossed over in favor of a strange history lesson on COPPA,” he said in an email. “Applications like this likely shouldn’t be humored by the agency or published to the public for comment."

The FTC must approve new VPC methods under COPPA rules, the commission said. Current COPPA rules list several acceptable methods for online sites and services to gain parental permission before collecting children’s personal information, but the FTC can approve additional methods, it said.

Companies have been able to submit new VPC methods since the FTC’s updated COPPA rules took effect last summer (CD July 1 p12). An application is no assurance of approval; the FTC rejected AssertID’s contentious “social-verification method” and dismissed iVeriFly’s proposal to use Social Security numbers for verification, ruling it was a variation on existing approved methods. It did approve Imperium’s “knowledge-based identification” VPC method, which relies on questions about information that couldn’t be found in the average wallet (http://1.usa.gov/1cibTYS).

AgeCheq’s proposal is for a “consent management platform” on which parents can manage their consent for an “unlimited number” of their child’s applications or websites, according to the company’s application. The method “incorporates, but uniquely extends, tried and true (legacy) methods to verify parental identity by permitting real-time, device-specific verified enrollment of parents,” AgeCheq said. Smith compared it to PayPal, which is a middleman for e-commerce payments so buyers and sellers wouldn’t have to have numerous individual relationships, just one with PayPal.

Unlike previous VPC method applications, “we're not proposing a new method of capturing information,” Smith said. “The terms of identity are exactly what’s already proposed in the rule.” It should help the proposal avoid the pitfalls that downed AssertID’s application, he said. “We tried to stay inside the lines on that.”

Kingston sees the avoidance differently. “This is not a normal VPC, but a business model that looks a lot like the Safe Harbors which must comply with all the requirements of the COPPA Rule.” He said he expects the application to be neither approved nor denied, similar to what happened with iVeriFly. CDD was an opponent of the AssertID proposal. “If FTC does not stop companies from running unapproved Safe Harbors without fully complying with that more stringent standard, then COPPA will soon lose its effectiveness in the marketplace,” Kingston said.

For the FTC to reach that conclusion “would be specious,” Smith countered. The application highlights its differences from prior VPCs, Smith countered. “Our system is a real-time consent mechanism.” Because of the central platform, once a parent provides consent, children can be playing an app “within one second,” he said. “There’s nothing else like that that’s out there.”