As I’ve stated in previous blog posts, the newly updated Children's Online Privacy Protection Act (COPPA) is not well understood within the game and app development industry and I'd like to improve that situation.
At the recent GDC/Next Game Developer / App Developer's convention in Los Angeles, I spent two full days talking to exhibitors and attendees about COPPA. The level of ignorance and misinformation I encountered was stunning.†
Many professionals in the industry were not even aware of this new law that could seriously impact their business. Most that had some knowledge of it had erroneous or incomplete knowledge about the law and its potential impact on their businesses.†
Only about 25% of the people I talked to were truly knowledgeable about COPPA and what it meant to them.
The purpose of this blog post is to improve game developers’ basic understanding of COPPA 2.0 (as I call the new law as updated on July 1, 2013). Over the next couple weeks I will follow-up with additional posts that look at other aspects of COPPA in an effort to dispel the most commonly held misconceptions and myths.
Many game developers think they aren't subject to COPPA, and they are usually wrong. At GDC, I found a lot of game developers who thought COPPA didn’t apply to them. Most of them were dead wrong.
Here are the most commonly held misconceptions I heard from game developers:
“My game doesn't target kids 12-under so I'm not subject to COPPA.”
†Wrong! This is a very common misconception. Even if your game does not target kids, if you have actual knowledge or any reason to believe that kids 12-under are using your game, you are subject to COPPA. From a practical standpoint, if you publish a game and it's got 200,000 users, you probably have some kids playing it.† If your game or the third party APIs it uses captures any personally identifiable information (PII) whatsoever without prior parental consent, you are potentially on the hook for up to $16,000 per kid.
The law says FTC can use a totality of circumstances when determining if your game targets children or not.† They will make case-by-case judgment calls based on your marketing, look and feel, and the construction of the user experience.
“My game doesn't gather screen names or logins, so we're not subject to COPPA.”
Probably Wrong! The only time this would be right is if your game also never uses in-app purchases, analytics or other third party APIs, and doesn't display ads. In other words, if the game has no in-game monetization, it might not be subject to COPPA. Since most games in the app stores are free, very few games fall into this category.
“We have a parent approval button, so we're COPPA compliant.”
Wrong! See above "approval button" for a full explanation.
I’m hopeful that calling out these commonly help misconceptions around COPPA will capture the attention of game developers who have thus far ignored the law. In my next post I will address the harsh reality of what can happen to developers and publishers who don’t get COPPA compliant.
If you'd like to educate yourself on COPPA, here's a page of history and links we've created for game developers at AgeCheq.†To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions regarding complying with COPPA: http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions