small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

FTC Approves New COPPA Verifiable Parental Consent Method That Relies on Knowledge-Based Authentication

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

FTC Approves New COPPA Verifiable Parental Consent Method That Relies on Knowledge-Based Authentication

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago

Related Topics

Children’s Privacy

Related Capabilities

Privacy & Data Security

January 21, 2014

The Federal Trade Commission recently approved Imperium, LLC’s proposed verifiable parental consent method under the Children’s Online Privacy Protection Rule (COPPA). COPPA requires an operator to obtain verifiable parental consent before collecting any personal information from children under 13 years old, subject to certain enumerated exceptions. As we have previously discussed, operators can obtain parental consent through certain options set forth in the FTC’s COPPA Rule. Under the revised COPPA Rule, entities may also submit a written request for Commission approval of methods not enumerated in 16 C.F.R. § 312.5(b), which approved methods become a part of the Rule (and thus available for all entities to use). Imperium’s proposed method for obtaining verifiable parental consent was to give an individual the opportunity to answer a series of “dynamic, ‘out-of-wallet,’ multiple-choice questions,” which, according to the Imperium request, is a technique financial institutions and credit bureaus have used for years to verify identity called knowledge-based authentication. The Commission approved the method, finding that it is reasonably calculated, in light of available technology, to ensure that the person providing consent is the child’s parent. Specifically, the FTC noted in its letter that appropriately implementing this method requires the following: “1) the use of dynamic, multiple-choice questions, where there are a reasonable number of questions with an adequate number of possible answers such that the probability of correctly guessing the answers is low; and 2) the use of questions of sufficient difficulty that a child age 12 or under in the parent’s household could not reasonably ascertain the answers.”

TIP: This is the first new parental consent mechanism the FTC has approved since the COPPA Rule change went into effect. The approval letter from the FTC indicates that knowledge-based authentication, “when conducted as set forth in this letter” meets the approval criteria for a new parental consent mechanism. 

 

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising