Last week, I had a chance to chat briefly with Dan Nelson, whom I met at Hatch Match 2013 while he was in mid-pitch for his idea, KPass. NYC-based KPass has now officially launched as a startup, and I learned more from Dan about his plans to provide a parental authorization service for online sites seeking COPPA compliance.
To refresh memories, web sites that focus their content on kids below the age of 13 generally need to comply with the federal Children’s Online Privacy Protection Act or COPPA. You can read more about the rules here. In short: a website that collects personally identifiable information or PII from minors must first gain consent from the parents. Federal definitions of PII vary by law–see for example, HIPAA–but COPPA’s includes name, address, online identifiers, granular geolocation, photos, and other sensitive data.
I write about PII on another channel, so I can say with some confidence that COPAA has fairly advanced notions of identity in the Internet era. This is great news for kids–Mr. Rogers would approve–but less so for kids-oriented companies.
COPPA compliance is an administrative headache for online services, which either avoid the whole issue by gearing their content for teens (and asking subscribers to confirm they are 13 and above) or else simply not collecting PII. Neither of these is a desirable option for digital entertainment and educational sites that truly want to focus on the primary school-age market and make this into a business.
That’s where KPass steps in. It will allow parents to control their children’s PII from a single location. Dan tells me the service will support something similar to OAuth, giving adults a convenient one-click way to approve the use of their child’s PII for a website while meeting COPPA’s rules.
KPass would require FTC approval, and there are other players out there with applications to this agency.
In other words, it’s a big market and companies are scrambling to establish themselves.
Photo credit: Flickr