Audience Specific COPPA Compliance Approaches 101

In my continuing efforts to shed light on the issues surrounding the US COPPA law (16 CFR Part 312), this week I’m going to talk about the ways a game developer could approach complying with the COPPA law, based on the audience for their game.

As I’ve spent the last 9 months talking with game developers about the issues of children, privacy and gaming, I’ve come to understand that there are really four categories that a game can fall into, each with its own optimal COPPA strategy.  The key data point that splits the categories is the audience that the game is seeking.

Category 1: Child-focused games

It’s easy to answer the COPPA question for this category. The audience is definitely children so parental permission is definitely needed before capturing anything, running ads, or doing in app purchases. 

Category 2: General audience games that skew to children

Here’s where it gets sticky.  An example of this type of game would be “Angry Birds”.  While anyone can and does play the game, it’s certain that a good percentage of the users are children.  To be COPPA compliant, the developer should not show ads or capture any data until verifying that the user is 13 or older. If the user is a child, parental approval is required before any data can be captured. 

There are two ways of handling this quandary. You can offer the child a reduced feature version of the game or you can prevent the child from playing the game.  Both have their disadvantages, and this is not the only unpleasant decision you will have to make in your COPPA strategy.

Category 3: Adult-focused games that might be played by children

Here’s another sticky one. The example of this would be an adult role playing game with the ability to chat with other members and buy virtual goods.  As a developer, you really don’t want kids to be playing the game, but you know there are kids playing your game.  You don’t want to put an age gate on your game because it’s friction that your main audience will endure.  COPPA requires you to treat children with COPPA restrictions if you have “Actual Knowledge” of them.

Again there are several ways of dealing with this “no win” situation. You could do nothing, and hope that the FTC never examines your game and there is never a parental complaint.  Or you could use a service that can identify devices that parents have designated as being used by children under 13 and stop them from playing the game.  Services like AgeCheq provide this capability through an API.

Category 4: Adult only games and apps that definitely want to keep kids out

Like child-focused apps, these apps have no decisions to make – they just want to keep kids off. Examples include apps for dating, chat, social networking, gambling, and porn.  While these apps have no COPPA exposure because they exclude kids, it is desirable for them to prevent kids from using them, if possible.  Services like AgeCheq give these developers a simple API that they can use to block children on parentally identified devices.

If you'd like to educate yourself on COPPA, here's a page of history and links AgeCheq has created for game developers. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: http://www.ftc.gov/tips-advice/business-center/complying-coppa-frequently-asked-questions .  Because there are numerous “incomplete” versions on the web, I encourage you to always view the final, official text of the COPPA law, which can be found here: http://www.ecfr.gov/cgi-bin/text-idx?tpl=/ecfrbrowse/Title16/16cfr312_main_02.tpl