This week at the annual WWDC event in San Francisco, Apple announced a new iOS feature called “Family Sharing” that offers families the ability to easily share photos, calendars, and even app store purchases. One aspect of the Family Sharing service is a feature called “Ask To Buy” in which parents can set up the family accounts so children must get approval from the parent prior to making a purchase in either the app store or inside an app.
Readers of this blog may recall my January 16 post entitled “The FTC Judgment against Apple… was this the first COPPA 2.0 Fine?”. I concluded that the $32.5M FTC fine against Apple was NOT a COPPA issue, but in fact was a “Deceptive Business Practices” issue, and the “Fine” was actually an FTC mandated refund to parents whose children went wild with app store purchases after parents provided their password.
I believe the Ask to Buy feature in iOS8 is a direct response by Apple to give parents more control over the purchasing activity of children who share their account. I applaud Apple for adding this feature because it solves a real problem for parents.
Since yesterday’s announcement, our emails and phones at AgeCheq have been ringing off the hook with game developers breathlessly asking us (paraphrasing) “Doesn’t this Family Sharing thing get us off the hook for COPPA?” “Can we just ignore COPPA now?” “Hey are you guys going out of business now?”.
Of course, the answers are No, No, and emphatically … No.
Just like the January Apple judgment, the child purchasing approval issue is related to COPPA because it’s about apps, children and smartphones, but it has nothing to do with COPPA. The Apple announcement says nothing about verifiable parental identification, layered app privacy disclosures, parental privacy dashboards or parental revocation, all requirements of COPPA 2 (as we call it) compliance.
As we approach the one year birthday of COPPA 2, the game development industry continues to wait for the “other shoe to fall” with the public announcement of an FTC enforcement. We are quite surprised that such an announcement has not happened yet, but we must remember that legal and governmental affairs move at a much slower pace than our lightspeed mobile app industry. It’s unthinkable that the US government would pass such an important law and then never enforce it. It’s coming. It really is.
How can you prepare your game company for the “COPPA day of reckoning”?
Design new games with privacy in mind (The FTC calls it “Privacy by Design”). Make sure you only capture information that the game absolutely requires to fulfill its design. Consider how your new games will deal with children under 13 and integrate an age gate into the game design. If your game monetizes with ads, do some research on your ad networks to see what private information they capture, and ask them to verify that they will delete captured data if and when you get a request to revoke permission from a parent.
Here’s my message to mobile game developers: The FTC is definitely going to enforce COPPA2. If you prefer that the press (and I) not be writing about your FTC woes a few months from now, take steps today to make your games COPPA2 compliant.
If you'd like to educate yourself on COPPA2, here's a page of history and links AgeCheq has created for game developers. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: http://www.ftc.gov/tips-advice/business-center/complying-coppa-frequently-asked-questions . Because there are numerous “incomplete” versions on the web, I encourage you to always view the final, official text of the COPPA law, which can be found here: