Verifiable Parental Consent

Under COPPA, consent obtained from parents using methods reasonably calculated to ensure the person providing consent is the child's parent, required before collecting personal information from children under 13. COPPA requires 'verifiable' consent because merely asking someone to confirm they're a parent isn't sufficient—operators must make reasonable efforts to ensure the consenter truly is the parent. Acceptable verification methods depend on how the information will be used: for internal use only, email-plus confirmation (email to parent with confirmatory second step) may suffice; for public disclosure or third-party sharing, more robust methods are required including credit card verification, government ID check, video conferencing, or answering knowledge-based questions. The FTC recognizes that perfect verification is impossible but expects operators to use methods that, in light of available technology, are reasonably likely to ensure the consenter is the parent. Organizations subject to COPPA should: implement appropriate verification methods based on planned information use, clearly explain to parents what's being collected and why, provide parents ongoing access to their children's information, and maintain records of consent verification.