The FTC just handed Big Tech a massive loophole allowing them to collect children’s personal data without parental consent—all under the guise of “protecting” kids online.
Story Snapshot
- FTC creates enforcement exemption allowing companies to collect kids’ data for “age verification” without parental consent
- Policy represents dramatic departure from COPPA’s 1998 framework requiring parental approval before any child data collection
- Companies must meet six conditions to qualify for safe harbor, but verification mechanisms remain vague
- FTC plans formal COPPA Rule review, signaling permanent regulatory changes ahead
FTC Creates New Pathway for Collecting Children’s Data
The Federal Trade Commission issued a February 25, 2026 policy statement creating enforcement flexibility for companies collecting children’s personal information under the Children’s Online Privacy Protection Rule. The FTC announced it will not pursue enforcement actions against website operators who collect, use, or disclose personal information from minors solely for age verification purposes without obtaining verifiable parental consent first—provided specific conditions are met. This represents a significant shift from COPPA’s traditional requirements, which have mandated parental consent before any personal information collection from children under 13 since the law’s 1998 enactment.
Six Conditions Create Compliance Safe Harbor
To qualify for the FTC’s enforcement safe harbor, operators must satisfy six specific requirements. Companies cannot use or disclose age verification information for any purpose except determining user age, must delete data promptly after verification, and can only share information with third parties who maintain confidentiality and security safeguards. Operators must provide clear notice in privacy policies about age verification data collection, employ reasonable security measures, and take steps to ensure verification methods provide reasonably accurate results. The policy statement passed with a 2-0 Commission vote following a January 28, 2026 FTC workshop on age verification technologies.
Regulatory Shift Raises Privacy Concerns
This policy creates a troubling precedent by establishing limited-purpose data collection exceptions to COPPA’s parental consent requirements. While FTC officials characterize age verification as “some of the most child-protective technologies to emerge in decades,” the framework allows companies to collect sensitive personal information from children before parents even know it’s happening. The vague standard requiring “reasonably accurate results” provides minimal concrete guidance, leaving interpretation largely to companies and third-party verification providers. Parents who’ve fought against Big Tech’s invasion of family privacy should question why the FTC is now opening doors for data collection from their children without explicit parental approval first.
Permanent COPPA Changes Planned
The FTC explicitly stated its intention to initiate a formal review of the COPPA Rule to address age verification mechanisms, indicating this temporary policy statement represents just the beginning of permanent regulatory changes. The statement will remain effective until final rule amendments are published in the Federal Register or until withdrawn. This creates uncertainty for families concerned about children’s online privacy, as the regulatory framework protecting kids from data harvesting faces fundamental restructuring. Companies now face a complex landscape where federal enforcement flexibility increases even as multiple states implement their own youth privacy requirements and constitutional challenges remain unresolved.
FTC Chair Andrew Ferguson emphasized during the January workshop that age verification serves as a “tool” for compliance rather than creating new obligations. However, this framing conveniently ignores that the tool itself requires collecting the very personal information COPPA was designed to protect. Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, praised the policy for incentivizing “innovative tools” while empowering parents—yet parents lose the fundamental right to consent before their children’s data gets collected. The policy’s emphasis on removing enforcement uncertainty primarily benefits companies seeking to deploy age verification systems while shifting privacy risks onto families who must trust that operators will follow the six conditions without robust oversight mechanisms.
Sources:
FTC Issues Policy Statement on Age Verification Technologies Under COPPA – Mayer Brown
FTC Announces COPPA Policy Enforcement Statement – JD Supra
FTC Makes COPPA Exception for Data Collected for Age Verification Process – Biometric Update
FTC Announces COPPA Policy Enforcement Statement and Forthcoming Rule Review – Wiley Law
