Age Ain’t Nothing but a Number, Unless You Are Collecting It for Age-Screening Purposes

Jan 14, 2020, 09:45 AM by BBB National Programs

Many of today’s tech-savvy children know that you must be at least 13 years old to use certain websites or mobile apps. This begs the question, is there a point to online age screening at all? 

The Federal Trade Commission (FTC) is asking the same thing in its recent review of the regulations for the Children’s Online Privacy Protection Act (COPPA). In its last review in 2013, the FTC added a new category to the definition of “an online service directed to children” that allows operators that do not target children as their primary audience to age-screen and only comply with notice and consent requirements for users under 13. COPPA does not tell operators how to age-screen but does provide guidance in its publication, “Complying with COPPA: Frequently Asked Questions.” In the current review, the FTC asks whether the Rule should be more specific about the appropriate methods for determining the age of users.

The BBB National Programs’ Children’s Advertising Review Unit’s (CARU) guidelines on online privacy were designed to go beyond COPPA. They provide details on how to age-screen using a neutral method that does not let kids easily evade the process. Although CARU’s Guidelines have been around for decades, operators continue to have difficulty understanding these seemingly easy requirements, and this issue remains the most prevalent among CARU’s online privacy case decisions.

CARU believes that age-gates are still effective for preventing younger children from getting access to services not meant for them and should remain in the COPPA Rule, but having an age gate should be the lowest bar for compliance with the law.

Companies should incorporate privacy-by-design and systematic procedures of trust and safety from the ground up. In its recent decision on the social media app SnapChat, CARU recognized the value of the company’s detailed and documented program which include effective in-app reporting tools and a robust compliance team to regularly monitor for underage users on the service.

New state and international laws show that the trend in privacy is to collect the least amount of information necessary to carry out the intended purpose. This has led CARU to reconsider its own recommendations which currently advise that age should be determined by collecting a full date of birth. Once the FTC has completed its review of the COPPA Rule, CARU will revise its own online privacy protection guidelines and continue to set high standards in the industry for best practices when collecting data from children online. CARU, in its capacity as an FTC-approved COPPA Safe Harbor, submitted comments to the FTC’s request for comments to the Rule which you can read here

 
The Children’s Advertising Review Unit (CARU), an investigative unit of the advertising industry’s system of self-regulation, has two missions: (1) to protect children from deceptive or inappropriate advertising in all media, and; (2) to ensure that, in an online environment, children’s data is collected and handled in a responsible manner. CARU is the first FTC-approved Safe Harbor Program and helps all companies protect the privacy of children online and meet the requirements of the Children's Online Privacy Protection Act (COPPA).

Suggested Articles

Blog

The 2000s Introduced the Internet and Influencers to Ad Law

The 2000s was a decade of change as online advertising exploded and, as a harbinger of things to come, the online environment became fertile ground for innovative ways to both communicate with consumers or, for the unscrupulous, take advantage of unwary consumers. The low barriers to entry allowed disrupters to enter the digital space and forced traditional marketers to compete in this space or be left behind.
Read more
Blog

For Developers: Get to Know the CARU Advertising Guidelines

The CARU Advertising Guidelines are widely recognized industry standards that help ensure advertising directed to children is fair and appropriate for its intended audience across any form of child-directed media. The CARU team outlines some key revisions to the Guidelines to which mobile developers should pay heed.
Read more
Blog

Getting Certified: Cisco Demonstrates Dedication to Customer Success through APEC Privacy Compliance

Cisco is an example of how a global company must navigate a variety of legal privacy regimes, while also being dedicated to leading the way on data privacy to maintain and further enhance a trusted relationship with its customers. To thread this needle, Cisco has chosen to rely on a third-party privacy certification offered by our team at BBB National Programs.
Read more
Blog

Lemon Law 101: Understanding the Law and Your Rights

If your vehicle is under warranty, lemon laws require your vehicle manufacturer to repair your vehicle. The federal lemon law, known as the Magnusson-Moss Warranty Act (“Mag-Moss”), and state lemon laws are in place to protect consumers from getting stuck with “lemons.” It is important to understand the difference between state and federal lemon laws as well as how you and your vehicle are covered under each.
Read more