Business July 28, 2023

Asking the FTC to approve facial age estimation for verifiable parental consent

profile picture Yoti 3 min read
Father and son using devices together

Together with the Privacy Certified program of the Entertainment Software Rating Board (ESRB) and Kids Web Services Ltd, a wholly owned Epic Games subsidiary, we are asking the Federal Trade Commission (FTC) for approval to implement facial age estimation as an authorised method for verifiable parental consent (VPC). The Children’s Online Privacy Protection Act (COPPA) requires companies to ensure they are not collecting personal data from children under the age of 13 without a parent’s consent. Currently, the COPPA Rule enumerates seven, non-exhaustive methods that enable parents to verify their consent. These include verification by government ID, credit card transaction, and a method that involves facial recognition, which is different from what we propose in our application.

We’d like the FTC to authorise facial age estimation as another VPC method to give parents and operators more choice in how parents can prove their age and grant consent. We are not seeking approval to implement this technology to check if children are old enough to purchase, download, and/or play a video game. Children are not involved in the age estimation process at all, which is designed to confirm that parents are adults, as required under COPPA.

We’d like to explain how the FTC application seeks to implement the technology in a way that is consistent with COPPA’s requirements for data minimisation, confidentiality and security.

  • Facial age estimation provides an accurate, reliable, accessible, fast, simple and privacy-preserving method to ensure that the person providing consent is an adult.
  • Facial age estimation is not facial recognition; it estimates a parent’s age without identifying them. It does so by converting the pixels of a facial image into numbers and comparing the pattern of numbers to patterns associated with known ages.
  • Facial age estimation does not create a database of faces. It doesn’t learn the user’s name, identity or anything about them. It does not scan their face against a database.
  • The technology is inclusive; it requires no collection of identity or payment card information.
  • It is accurate and does not show material bias among people of different skin tones. We have done extensive testing based on millions of facial scans and publish the accuracy levels transparently.
  • In our proposed application, facial age estimation is always presented as an option to parents alongside other approved methods of verification, providing the parent with a choice of methods.

If you have any questions about our FTC application, please get in touch.

Keep reading

An image of a teenager holding and using his mobile phone.
Articles December 10, 2025

Yoti helps platforms navigate Australia’s new social media age restrictions

Australia’s new age restriction laws for social media come into effect today, signalling a major shift in how online services must support age-appropriate access for younger users. As platforms prepare for increased regulatory scrutiny and tight compliance timelines, Yoti is enabling our social media partners to deploy trusted, privacy-preserving age assurance at scale. These reforms, led by the eSafety Commissioner, require major social media platforms to take ‘reasonable steps’ to stop under 16s from creating an account or using their services. There are no exceptions to this age limit, not even those with parental consent. The rules apply to

#age assurance#business
Amba Karsondas Amba Karsondas
3 min read
Zero trust authentication methods
Articles November 13, 2025

How strong authentication powers Zero Trust and protects against cyber threats

Until recently, organisational cybersecurity typically relied on a fortress mentality, by building a strong perimeter with firewalls and VPNs, and trusting everything inside. But in today’s digital world of cloud apps, remote work and hiring, supply chain integrations, virtual connections and sophisticated attacks, that approach is no longer enough. Once criminals breach the walls, they can often move freely and undetected. If a business can’t reliably confirm who’s accessing its systems, it leaves the door open for cyber criminals. When authentication is weak, malicious actors can: Steal employee or customer login credentials through phishing and use them to access

#authentication#business
Sofi Summers Sofi Summers
6 min read
A screen showing a Shopify site selling knives. An additional screen shows the different ways that customers can prove their age.
Articles November 7, 2025

Yoti age checks now available for Shopify stores

If you sell age-restricted products on Shopify, we’ve got good news. It’s now easier than ever to add secure, seamless age checks to your online store. Yoti has now officially integrated with Shopify – one of the biggest ecommerce platforms in the world. That means Shopify merchants can now offer fast, privacy-preserving age checks for their customers. If you’re selling alcohol, vapes, knives or other age-restricted items, this integration helps you meet legal requirements without adding unnecessary friction to your customers’ journey.   Why does this matter for Shopify merchants? Shopify powers millions of online businesses, including both independent

#age assurance#business
Amba Karsondas Amba Karsondas
5 min read