Washington, D.C. — The Federal Trade Commission announced new guidance Tuesday signaling that it will not pursue enforcement actions under the Children’s Online Privacy Protection Act (COPPA) against certain websites and online services that collect personal information solely to verify a user’s age.
The move is intended to encourage the use of age verification technologies, which can help parents monitor children’s online activities while ensuring compliance with COPPA. The law requires websites and services directed at children under 13—or those that knowingly collect information from children—to notify parents and obtain verifiable parental consent before collecting personal data.
“Age verification technologies are some of the most child-protective technologies to emerge in decades,” said Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection. “Our statement incentivizes operators to use these innovative tools, empowering parents to protect their children online.”
Under the policy, general-audience and mixed-audience operators may collect, use, or share personal information strictly for age verification without prior parental consent, provided they:
- Limit use of the information solely to determining age.
- Retain the data only as long as necessary and delete it promptly.
- Share information only with third parties that can safeguard it, backed by written assurances.
- Provide clear notice to parents and children about the information collected.
- Implement reasonable security measures.
- Ensure age verification methods or third-party services are reasonably accurate.
The FTC said the guidance will remain in effect until the agency reviews and potentially amends COPPA to explicitly address age verification technologies.
