In comments to the Federal Trade Commission, EPIC, the Center for Digital Democracy, and Fairplay urged the FTC to center privacy and data security risks as it evaluates Yoti Inc’s proposed face-scanning tool for obtaining verifiable parental consent under the Children’s Online Privacy Protection Act (COPPA).
In a supplementary filing CDD urges the Federal Trade Commission (FTC) to reject the parent-consent method proposed by the applicants Entertainment Software Rating Board (ESRB) and EPIC Games’ SuperAwesome division. Prior to any decision, the FTC must first engage in due diligence and investigate the contemporary issues involving the role and use of facial coding technology and its potential impact on children’s privacy. The commission must have a robust understanding of the data flows and insight generation produced by facial coding technologies, including the debate over their role as a key source of “attention” metrics, which are a core advertising measurement modality. Since this proposal is designed to deliver a significant expansion of children’s data collection—given the constellation of brands, advertisers and publishers involved with the applicants and their child-directed market focus—a digital “cautionary” principle on this consent method is especially required here. Moreover, one of the applicants, as well as several key affiliates of the ESRB—EPIC Games, Amazon, and Microsoft—have recently been sanctioned for violating COPPA, and any approval in the absence of a thorough fact-finding here would be premature.