FTC Won’t Bring Privacy Cases Over Age Verification Tech Data

The FTC has issued a narrow COPPA enforcement “safe harbor” around data used solely for age verification, but it is not a blanket waiver for privacy or other legal risks.

What the statement does

• The FTC says it will not bring COPPA enforcement actions against companies that collect children’s personal data without prior parental consent solely to deploy age‑verification technologies, according to a new policy statement approved 2‑0.

• The policy is intended to resolve the Catch‑22 where services may need to collect some identifiers to determine if a user is under 13 before they can obtain “verifiable parental consent” under COPPA.

Scope and limits

• The enforcement discretion is limited to data collection and use that is strictly necessary for age verification or age assurance; using the same data for targeted advertising, profiling, or broader analytics would still implicate COPPA and other laws.

• The statement does not amend COPPA’s text; it instead signals how the current Commission intends to exercise its prosecutorial discretion while it considers further COPPA rule changes that could codify an age‑verification exception with deletion requirements.

Practical implications for companies

• Operators of child‑directed services or services with actual knowledge of under‑13 users now have more regulatory comfort to test or adopt age‑verification tools, provided they implement strict data‑minimization, purpose limitation, and prompt deletion of verification data.

• Companies still face substantial privacy, security, and even speech‑related risks: age‑verification systems often depend on sensitive identifiers or biometric estimation, raising breach exposure and criticism that these tools create a “massive surveillance stack” around online access.

How it fits into broader FTC strategy

• The move tracks the FTC’s broader push to “promote the use of age verification technologies in compliance with COPPA,” following its January 28, 2026 Age Verification Workshop and the 2025 amendments to the COPPA Rule.

• Chair Andrew Ferguson and senior staff have repeatedly framed age‑verification tech as “the most child‑protective technology to emerge in decades” and indicated that both further policy statements and COPPA rule revisions are likely, potentially making safe‑harbor conditions more explicit.