Today we have an important guest blog post from our friend and partner Andrew Smith, Director of Developer Education, AgeCheq. Please see below and let us know what you think!
If you are in the business of creating games or apps that have an online component, you may be familiar with the Children’s Online Privacy Protection Act. It is often called by its acronym, COPPA (pronounced “COP-puh”). This law is enforced by the U.S. Federal Trade Commission and regulates whether an online service may collect personal information from a child under 13.
This law has been around for over 10 years. It was originally written to apply to websites, but now includes many mobile apps and games that use advertising. Recently it was revised to expand the definition of Personally Identifiable Information (PII). This information can be used on its own or in conjunction with other information to identify, contact, or locate a single person, or to identify an individual in context. It includes not only specific information about an individual such as their name or address, but also information linked or linkable to an individual, such as medical, educational, financial and employment information. For example, a device’s IP address used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.
The concern is that although some of this information alone seems harmless, when combined with other data this information can be used to identify someone. For example, in 1990 Latanya Sweeney proved that 87% of the population of the United States could be uniquely identified by gender, ZIP code and full date of birth.
COPPA 2.0 considers all the following to be Personally Identifiable Information:
- Child’s Name, Screen Name, or User Name
- Telephone Number or Social Security Number
- Photographs, Videos, Audio or Geolocation
- Physical Address or Online Address
- Any Persistent Identifiers – including cookies
Online services may collect this information from children under 13 by disclosing to parents what is being collected and getting their verifiable permission.
The penalties for not complying with COPPA can be steep. The law gives regulators the option to fine companies up to $16,000 per user. Both Yelp and TinyCo were recently fined hundreds of thousands of dollars each for violations of the updated version of COPPA. More fines and settlements are rumored to be in the works.
Complying with COPPA can be challenging. The FTC’s rules differ depending on a game or app’s target audience. For example, a game meant for kids must assume that all users are under 13 and get verifiable parental consent before collecting any PII. A game that targets a larger audience that might include children under 13 may ask users their age and then obtain parental consent to collect PII only for those users who identify themselves as children. If you are still confused, consider a service like AgeCheq to help make your game or app COPPA compliant.
AgeCheq was founded in 2013 to provide tools that help mobile device users manage their private data that is captured, stored and even provided to third parties. Our focus is on facilitating compliance with COPPA.
AgeCheq’s service dramatically reduces the effort required to comply with the COPPA rules for both parents and publishers. The service is platform-agnostic and can be integrated into an existing app, tested, and posted to the app store within a day.
About the Author:
Andrew Smith is the Director of Developer Education at AgeCheq. Andrew loves helping developers create great mobile apps and games.