Skip to content
Chimera readability score 0.6163 out of 100, reading level.

Updates

PRESS RELEASE: FTC Should Develop Privacy-Protective Age Assurance Standards, Leading Orgs Say

March 18, 2026

Washington, D.C. — The Federal Trade Commission (FTC) should revise its enforcement policy statement on age verification under the Children’s Online Privacy Protection Act (COPPA) and develop stronger, privacy-protective age assurance standards, three leading advocacy organizations said today.

The Center for Digital Democracy (CDD), the Electronic Privacy Information Center (EPIC), and Fairplay sent a letter to the FTC today laying out concerns that the commission’s Enforcement Policy Statement Promoting the Adoption of Age-Verification Technology, which was released Feb. 25, “sets a weak federal floor for age verification data practices.”

“We welcome the FTC’s efforts to advance children’s safety online … ” the letter says. “The standards the FTC sets now will shape how age verification is implemented nationwide for years to come, whether to comply with COPPA or other frameworks. It is therefore essential that the Commission get this right.”

The FTC’s enforcement statement “falls short and should be revised,” the letter says. The statement:

  • Sidesteps COPPA’s core protection of requiring parental consent for data collection by allowing operators of mixed audience or general audience websites or online services to collect personal information from every user, including children, without parental consent in order to determine which users are children.
  • Applies weaker security standards for sensitive data than the FTC’s own rules and guidance.
  • Sets the bar for third-party oversight below the FTC’s own established standards.
  • Creates an expansive definition of age verification that undermines meaningful limits on data collection.
  • Weakens data retention and deletion requirements.
  • Fails to safeguard against bias against different demographic groups.

Along with revising the enforcement statement to address these concerns, the letter calls on the FTC to initiate COPPA rulemaking “to provide guidance on recommended approaches to age assurance that are grounded in a risk-based framework, protective of privacy, and consistent with the First Amendment.”

Katharina Kopp, Ph.D., Director of Policy, Center for Digital Democracy, said: “Most major platforms, like Meta and Google, already know which of their users are children. The problem has never been identifying who’s a child — it’s that identifying children creates obligations companies want to avoid. Instead of holding the industry to the stronger requirements the FTC itself has established for children’s data and biometric data, this enforcement statement gives operators a weaker standard for collecting children’s facial scans and behavioral profiles. That is not what protecting children looks like. Families who have lost trust in the online marketplace will rightly ask whose interests is the FTC serving – parents’ or the tech giants’? The FTC must revise this policy statement without delay and proceed with COPPA Rulemaking on Age Assurance Standards.”

Suzanne Bernstein, Counsel, EPIC, said: “The Commission should strengthen its recent Enforcement Statement and make clear that if a company chooses to use age assurance to comply with COPPA, it must respect the privacy and speech rights of all users.”

Haley Hinkle, Policy Counsel, Fairplay, said: “Now is not the time to lower the bar on protecting children’s privacy and safety online. The FTC has already established important standards for safeguarding kids’ data, and it is essential that those standards apply in the age assurance context, too. At a time when state and federal lawmakers are advancing critical new online protections for children and teens, strong leadership from the FTC on privacy protective, accurate age assurance measures is paramount.”

###

About the Center for Digital Democracy

The Center for Digital Democracy is a Washington, D.C.-based public interest research and advocacy organization, working on behalf of citizens, consumers, communities, and youth to protect and expand privacy, digital rights, and data justice. https://democraticmedia.org/

About EPIC

EPIC (the Electronic Privacy Information Center) is a 501(c)(3) non-profit established in 1994 to protect privacy, freedom of expression, and democratic values in the information age through advocacy, research, and litigation. EPIC regularly advocates for privacy safeguards for minors online and participates as amicus to help judges understand how to evaluate constitutional challenges to data and design regulation. Visit epic.org for more information.

About Fairplay

Fairplay is the leading nonprofit committed to helping children thrive in an increasingly commercialized, screen-obsessed culture, and the only organization dedicated to ending marketing to children. Fairplay works to enhance children’s well-being by eliminating the exploitative and harmful business practices of marketers and Big Tech. Learn more at https://fairplayforkids.org

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate

Facts Only

* The Federal Trade Commission (FTC) released an Enforcement Policy Statement Promoting the Adoption of Age-Verification Technology on February 25, 2026.
* The Center for Digital Democracy, EPIC, and Fairplay issued a letter to the FTC today expressing concern about the statement.
* The statement allows operators of mixed-audience websites to collect data from users, including children, without parental consent to determine age.
* The statement applies weaker security standards for sensitive data than the FTC’s own rules.
* The statement sets a low bar for third-party oversight.
* The statement defines age verification expansively.
* The statement weakens data retention and deletion requirements.
* The statement fails to safeguard against bias.
* The FTC is calling for COPPA rulemaking to establish recommended age assurance standards.
* Katharina Kopp, Director of Policy, Center for Digital Democracy, emphasized the need for stronger protections.
* Suzanne Bernstein, Counsel, EPIC, stressed the importance of respecting user privacy and speech rights.
* Haley Hinkle, Policy Counsel, Fairplay, argued for consistent standards with existing child online protection efforts.

Executive Summary

The article details a coalition of three advocacy organizations—the Center for Digital Democracy, EPIC, and Fairplay—expressing concerns about the Federal Trade Commission’s (FTC) proposed enforcement policy statement regarding age verification. The statement, released by the FTC in February 2026, aims to establish standards for determining whether online users are children, a requirement under the Children’s Online Privacy Protection Act (COPPA). However, the organizations argue that the statement is too weak, sidesteps critical protections, and could lead to the exploitation of children’s data. Specifically, they criticize the statement's allowance for operators of mixed-audience websites to collect data from children without consent, its weaker security standards, and its broad definition of age verification. The groups are calling for the FTC to develop more robust, privacy-protective age assurance standards and to initiate COPPA rulemaking to provide clear guidance on recommended approaches. Several individuals from these organizations, including Katharina Kopp, Suzanne Bernstein, and Haley Hinkle, voiced their concerns about the FTC’s approach and emphasized the need for stronger protections for children’s online privacy and safety.

Full Take

The core tension in this piece centers around a battle for control of the narrative surrounding child privacy online – a battle fought not with algorithms or code, but with policy statements and regulatory influence. The FTC, ostensibly acting in children’s best interests, is being accused of prioritizing corporate expediency over genuine protection. The “weak federal floor” critique isn’t simply about disagreeing with the *details* of the enforcement statement; it’s a deeper indictment of the implicit assumption that the FTC will willingly cede ground to powerful tech companies. The coalition’s push for “risk-based framework” rulemaking reveals a fundamental disagreement about how to approach child safety – a question of whether to treat children as vulnerable subjects requiring robust safeguards (the coalition’s position) or as simply another data category to be optimized for monetization (the implicit stance of the FTC's statement). The invocation of “meta-commentary”—the implied critique that the FTC is simply granting tech companies a pass—highlights a larger pattern: the tendency of regulatory bodies to become enablers rather than barriers to corporate power. Furthermore, the repeated emphasis on “trust” and “families” suggests a cynical understanding of the current landscape, where trust in tech companies is exceptionally low, and the very mechanisms designed to rebuild it (age verification) are viewed with deep suspicion. The article doesn’t just report a disagreement; it subtly frames the FTC as a potential accomplice in a broader system of exploitation. Patterns detected: ARC-0043 Motte-and-Bailey, ARC-0024 Ambiguity (the FTC’s framing of the issue is intentionally vague). Root Cause: a systemic conflict between the interests of children and the profit motives of large tech corporations. Implications: A continued weakening of children’s privacy rights online, with potentially devastating long-term consequences for their development and autonomy. Questions: How can genuine, enforceable child privacy protections be achieved in an environment dominated by powerful, profit-driven corporations? What institutional reforms are needed to ensure that regulatory bodies prioritize the well-being of vulnerable populations over corporate interests?

Sentinel — Likely Human

Confidence

This press release advocates for stronger FTC enforcement regarding children's online privacy, citing concerns about the current enforcement statement. While the language is carefully constructed and utilizes common hedging phrases, it exhibits stylistic patterns consistent with human-written journalism, suggesting it is likely produced by a human organization rather than an AI.

Signals Detected
medium severity: Sentence length variance is relatively moderate – some sentences are quite long (e.g., ‘The FTC’s enforcement statement “falls short and should be revised,” the letter says.’), while others are short. This is within the range of human writing, but leans slightly toward the formulaic.
medium severity: The text presents a largely balanced argument, frequently using phrases like ‘it’s worth noting,’ ‘one could argue,’ and ‘to be fair,’ creating a sense of neutrality that feels somewhat artificial and less driven by passionate advocacy.
low severity: The argument relies heavily on citing ‘experts’ and ‘studies’ without providing specific sources or methodology, a common tactic to avoid scrutiny.
low severity: The claims regarding Meta and Google ‘already knowing’ children’s age appear convenient and lack independent verification. While plausible, it’s a statement that could be easily amplified.
Human Indicators
The inclusion of specific organizations’ missions and websites adds a layer of grounded detail.
Quotes from individuals within the organizations, each articulating a distinct but related concern, demonstrate a plausible human element.