/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2026-02-27-19-23-56-971-69a1ef4c8e3a24fe05f7780b.jpg)
On February 25, the Federal Trade Commission (FTC) released an enforcement policy statement describing how certain general and mixed audience websites and online services can use alternative age-verification mechanisms without risking COPPA Rule enforcement.
Key Takeaways:
- The FTC views age verification technologies as “some of the most child-protective technologies to emerge in decades,” and encourages their development and use.
- To make that easier, the FTC won’t enforce the COPPA Rule against certain general or mixed audience sites and services that collect, use, or disclose personal information for age verification purposes, as long as the operator complies with all other aspects of the COPPA Rule.
- Another review of the COPPA Rule with a focus on age verification mechanisms is on the horizon.
We’ve previously discussed the Trump-Vance FTC’s emphasis on protecting children’s privacy and enforcing COPPA. At the same time, the agency has been vocal about its commitment to supporting new technologies. By helping facilitate adoption of age-verification technology, the policy statement seems to attempt to bridge both goals.
Specifically, the FTC will exercise discretion not to bring an enforcement action under the COPPA Rule if operators of general or mixed audience sites and services collect, use, or disclose personal information for the sole purpose of determining a user’s age via an age verification mechanism without first obtaining verifiable parental consent.
But, that comes with a caveat. Operators can only rely on this promise if they: don’t use or disclose the information collected via the verification process for purposes other than age verification; only disclose the relevant information to vetted third parties under contractual protections; delete information promptly following the age verification; note within their privacy policies that such information was collected for age verification purposes; have reasonable security safeguards in place for the information; take steps to ensure the chosen verification mechanism is reasonably accurate; and otherwise comply with all other aspects of the COPPA Rule.
And, importantly, the policy statement makes it clear that if an operator is not complying with its other COPPA requirements, they are not protected from enforcement.
In its related press release, the FTC also noted it “intends to initiate a review” of the COPPA Rule to address age verification mechanisms. We’ll be watching for that Federal Register Notice and opportunity to submit your comments. In the interim, the policy statement will remain in effect.
If you have any questions about this article or need assistance with FTC or COPPA matters, please reach out to our team members or your Reed Smith contact.