*Please see PRIVO’s Permission Chart available for PRIVO members
The sliding scale provides a framework to provide various methods for identity verification and relationship assurance levels. For example, if a child is asked to provide an opt-in for push notifications delivered from the application server side, then a parent must be “notified” under COPPA and a student authorized under FERPA. If a child wants to enter a video contest where there submission will be made public or shared, under COPPA, they will need to get “full” verifiable parental consent, which means the parent may be asked to verify their adult status and provide some level of assurance they are truly the parent/guardian. The collection, use and disclosure or sharing of personal identifiable information (PII) from children under the age of 13, dictates the level of assurance placed on the parent consent that is processed by the operator.
PRIVO can register and authorize users at the feature (i.e. video contest, chat, push notifications) level. A feature can carry data attributes, verification tiers, and delivers against data minimization. Features that carry data that require “full” verifiable parental consent (VPC), such as behavioral advertising, will drive the verification options to present to the adult during registration. If there are no features in which “full” VPC is required, then the feature set would drive a lower level of verification. By tying the data to a feature and feature to a role, PRIVO can “slide” the scale of verification required for a given user. NOTE: This only works if the website and/or app can “gate” non-permissioned features (areas of their service).
When a user authenticates, PRIVO sends a Post-Back to the service in the form of a JSON reply, which contains the data permissioned to the service for the Role authenticating (based on the features collecting it) as well as the feature status (i.e. on or off etc.).