Please excuse the sensational headline, but the newly updated Children's Online Privacy Protection Act (COPPA) is not well understood within the game and app development industry and I'd like to improve that situation.
At the recent GDC/Next Game and App Developer's convention in Los Angeles, I spent two full days talking to exhibitors and attendees about COPPA. The level of ignorance and misinformation I encountered was stunning.
Many professionals in the industry were not even aware of this new law that could conceivably put them out of business. Most that had some knowledge of it had erroneous or incomplete knowledge about the law and its potential impact on their businesses.
Only about 25% of the people I talked to were truly knowledgeable about COPPA and what it meant to them.
The purpose of this first blog post is to improve game developers' basic understanding of COPPA 2.0 (as I call the recently updated version of this law). Over the next several weeks I will follow-up with additional posts looking at other aspects of COPPA in an effort to dispel the most commonly held misconceptions and myths.
FACT: There are actually two COPPAs
The original COPPA was proposed in 1998 and enacted in April 2000. It was created to protect the privacy of children aged 12 and under as they used the Internet, which was just becoming mainstream at that time.
COPPA 1.0 (as I refer to the original law) has been aggressively enforced. In December 2008, Sony BMG Music paid a $1 million fine. In May 2011, Disney paid $3 million for violating COPPA and misrepresenting the private information it collected.
Most recently, in March 2013, Path paid $800,000 for collecting private data from children under 13. Keep in mind, Path's violation was of the original COPPA 1.0, because COPPA 2.0 was not in force in March 2013.
COPPA 2.0 became the law of the land on July 1, 2013. I believe it will be enforced as aggressively as COPPA 1.0 was, but there have not been any huge FTC fines handed out as of December 2013. In my opinion, large COPPA 2.0 fines are coming; it is just a matter of time.
FACT: COPPA 2.0 was specifically created to address private information collected by mobile games and apps.
As smartphones and tablets rose to prominence in the late 2000's, they offered advertisers and publishers numerous new ways to secretly gather information on their users, and new ways for users to provide personally identifiable information (PII).
The new COPPA 2.0 law forces app and game developers to pay close attention to the way they collect, use, and provide PII to third parties. And this is where it gets serious.
I’m hopeful that this general overview of COPPA facts will capture the attention of game developers who have thus far ignored the law.
To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions regarding complying with COPPA: http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions