If you’re a developer of kids apps, there are certain rules and regulations you must adhere to in order to operate your business and be listed in various app stores. These rules span multiple areas, such as app content, data collection, and ad content. In our recent comprehensive guide on kids app development, we explore the different compliances — such as The Child Online Privacy Protection Act.
COPPA, or The Child Online Privacy Protection Act, issued by The United States Federal Trade Commission (FTC), is considered as the international standard for data collection in apps aimed at minors aged 13 and younger. COPPA is the highest law of the land for kids apps, and no one is exempt.Contrary to popular misconception, COPPA relates directly to data collection, and not the content of apps or ads.
Data collection restrictions
Developers cannot collect, store or use minors’ personal or device data in any way (unless with parental consent), which includes behavioral and retargeting ads.
Communication restrictions
Communicating with minors inside and outside of the app, such as ingame chats or push notifications, are not allowed.
Parental consent
Apps must publish a privacy policy accessible to parents or guardians of kids using the apps.
Consequences of COPPA non-compliance:
- Lawsuits
- Shut down of apps
- Loss of reputation
- Fines
Disney has repeatedly come under fire for illegally collecting data in their apps, most recently being accused of collecting comprehensive data in 42 of their titles without parent/guardian consent. While this case is ongoing, a Disney subsidiary was previously fined $3 million dollars by the FTC for COPPA violations.
Kiloo and SYBO Games are also facing a class action lawsuit for violating COPPA in their game, "Subway Surfers". Not only is the litigation targeting the studios responsible for developing the game, but also the ad networks that were purchasing and/or using the information from the game.
Cases like these illustrate the importance of complying with COPPA regulations. The consequences for developers who violate the rules can be dire, such as the loss of revenue and the trust of parents and guardians.
With more COPPA-compliant ad networks out in the market nowadays, it has become easier for kids apps developers to monetize with in-app advertising. Some also have settings to filter ads unsuitable for children from being served. You can find the list of COPPA-compliant ad networks within the e-book.
Developer’s Checklist: COPPA
✔ Get direct parent or guardian consent before collecting, using or storing personal data from minors, including: name; geolocation; physical address; online contact information; phone number; photo, video, or audio recording of the child; device persistent identifiers;
✔ Get direct parent or guardian consent before employing push notifications, or in-game chats, forums, and other communication features;
✔ Note that the only acceptable way to collect statistics with persistent identifiers without parental consent is if you are unable to distinguish users from one another using the data;
✔ Collect only data necessary to the successful function of your app;
✔ Use age gates to distinguish minors from adults, so that opting in or out of data collection can only be accomplished by adults;
✔ Do not use behavioral targeting across apps without parent or guardian consent;
✔ Create and provide easy access to a privacy policy which outlines what information is being collected, how it will be used, and who it will be shared with;
✔ Provide parents or guardians all of the following, and explain how to exercise these options in the privacy policy:
- If you collect specific and substantial information on your users - such as to populate profiles - access to their children’s data, with the ability to review and delete it:
- The option of prohibiting you from sharing collected data with third-parties
- The ability to opt out of any further data collection or usage;
✔ Review this compliance plan from the FTC;
✔ No more than cartoon-ish or “slapstick” violence;
✔ No inappropriate language for the youngest audience; only infrequent mild language is accepted for ages 7+;
✔ No nudity allowed in apps for the youngest audience; PEGI allows for non-sexual nudity in ages 7+, while the ESRB allows for minimal suggestive themes for ages 10+;
✔ Both PEGI and ESRB have “content descriptors” which are used to depict when an app contains any of the following: Bad Language, Discrimination, Drugs, Fear, Sex, Violence. Avoid all of this content for smooth sailing through the content approval processes.
?To learn more about COPPA and other regulations, please download our free e-book.
?We also kindly remind you to update your Appodeal SDK to 2.1.7 version, as well as your FAN SDK. You can find the details on our blogpost.
