COPPA: It’s not just about fines… and it’s not going away

As I’ve stated in previous blog posts, the newly updated Children's Online Privacy Protection Act (COPPA) is not well understood within the game and app development industry and I'd like to improve that situation.

At the recent GDC/Next Game Developer / App Developer's convention in Los Angeles, I spent two full days talking to exhibitors and attendees about COPPA. The level of ignorance and misinformation I encountered was stunning. 

Many professionals in the industry were not even aware of this new law that could easily put them out of business. Most that had some knowledge of it had erroneous or incomplete knowledge about the law and its potential impact on their businesses. 

Only about 25% of the people I talked to were truly knowledgeable about COPPA and what it meant to them.

I’ve spent several posts attempting to improve game developers’ basic understanding of COPPA 2.0 (as I call the new law as updated on July 1, 2013). Over the next couple weeks I will follow-up with additional posts looking at what can happen when game developers don’t pay attention to COPPA and ways developers can take action to get compliant before it’s too late.  

FACT: If you are cited by the FTC for COPPA violations, you'll likely also have to submit to annual privacy audits for up to 20 years.

Beyond the financial impact of a fine that can get as high as $16,000 per child user, there are tertiary damages to your business that will happen if you fail to comply with COPPA and are caught. 

You will be required to delete any personally identifiable information (PII) that you captured on underage users, and so will any third party service that your app used that captured PII - that includes ad networks, analytics services, push messaging services, in-app purchase services, gamification badge and leaderboard services, user retention and engagement optimization services, any third party API your app uses that captures data. 

Your brand could be dragged through the mud as a "bad actor" on the issue of privacy. Beyond all that, the FTC typically requires violators to submit to annual privacy audit for many years (20, in the case of Facebook).

FACT: Ignoring COPPA won’t make it go away.

Unfortunately this seems to be the strategy adopted by many of today's leading game developers. The law has been in effect since July 1, and the FTC has shown its willingness to levy huge fines in the past.

It took four years for COPPA 2.0 to be ratified and passed. Given the recent productivity of our government, it's unlikely that COPPA will be repealed or changed any time soon. No lobbying group wants to be put in the position of lobbying AGAINST child privacy protection.  

With COPPA 2.0, the FTC has already surveyed the market and found that most apps don't even have privacy disclosures, and the ones that do have them are usually flawed.  The FTC can pick and choose which companies they want to prosecute and levy with big fines.

Once that happens, the professional game development industry will give COPPA the attention it deserves.

If you'd like to educate yourself on COPPA, here's a page of history and links we've created for game developers at AgeCheq. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions