Editor's take: The ESRB has one job: rate games by maturity level based on content. So why did it involve itself in a proposal to add a new age verification system for parents to use to provide consent for data collection on their children? All that did was confuse the public about what facial age estimation is and how it would be used, leading to it getting shot down by the FTC.
The Federal Trade Commission has denied a petition to allow companies to use facial age estimation (FAE) technology to obtain parental consent when collecting data from children under 13, a requirement for the Children's Online Privacy Protection Act (COPPA). The FTC dismissed the application without prejudice, meaning the petitioners can re-file.
The Entertainment Software Rating Board (ESRB), SuperAwesome (COPPA-friendly youth-based advertising platform), and Yoti filed the petition last year. Yoti developed the facial age estimation platform that the group proposed. However, the public did not take kindly to the recommendation, prompting the ESRB to issue a statement explaining that news outlets misconstrued how the system worked.
Many in the media and public mistakenly conflated FAE software with facial recognition. Facial recognition systems, like those law enforcement sometimes uses, take a face scan from a picture or video and compare it to an extensive database of images to identify a person. These photos are often added to the database regardless of whether the system recognizes the face.
Facial age estimation systems do not try to identify a person. Instead, they scan various areas of the face and score them. The process repeats until it scores all facial traits, and then the final process uses these anonymous numbers to guess the age. Yoti's system isn't even that specific, as it only guesses whether the face is younger or older than 25, as stated on page 5 of the proposal.
Another part of the outrage was that people thought they would be required to provide a facial scan every time they bought an M-rated game online. Retailers are supposed to verify that buyers of mature games are at least 17. however, this issue is entirely unrelated to COPPA or the petitioned idea. The ESRB tried to sort out the confusion by denying both assumptions.
"First and foremost, this application is not to authorize the use of this technology with children. Full stop. Nor does this software take and store 'selfies' of users or attempt to confirm the identity of users," the ESRB told IGN when the initial dustup occurred. "Furthermore, this application makes no mention of using age estimation to prevent children from purchasing and/or downloading restrictively rated video games, nor do we intend to recommend its use in that way."
However, the explanation fell on deaf ears. The FTC's Tuesday decision seems primarily based on public commentary.
"After receiving more than 350 comments, the Commission voted 4-0 to deny the application without prejudice to the applicants filing in the future, when the Commission anticipates that additional information will be available to assist the Commission and the public in better understanding age verification technologies and the application."
The ESRB, SuperAwesome, and Yoti must present the proposal clearly and without conflating facial age estimation with facial recognition. The petitioners must also make the public understand that COPPA has nothing to do with the ESRB's rating system or M-rating restrictions. Knowing this, the ESRB should consider excluding itself from the petition rather than getting involved in matters outside its purview, like COPPA.