As I’ve stated in a previous blog post, the newly updated Children's Online Privacy Protection Act (COPPA) is not well understood within the game and app development industry and I'd like to improve that situation.
At the recent GDC/Next Game Developer / App Developer's convention in Los Angeles, I spent two full days talking to exhibitors and attendees about COPPA. The level of ignorance and misinformation I encountered was stunning.
Many professionals in the industry were not even aware of this new law that could easily put them out of business. Most that had some knowledge of it had erroneous or incomplete knowledge about the law and its potential impact on their businesses.
Only about 25% of the people I talked to were truly knowledgeable about COPPA and what it meant to them.
The purpose of this post is to improve game developer’s basic understanding of COPPA 2.0 (as I call the new law as updated on 7/1/2013). Over the next couple weeks I will follow-up with additional posts that look at other aspects of COPPA in an effort to dispel the most commonly help misconceptions and myths.
COPPA Codewords and Acronyms
Like many complex government projects, COPPA has codewords and acronyms used by "insiders" that make it easier to communicate about the law.
"Operator" - This odd term is used throughout the COPPA law to describe a company that "operates" a web site or a mobile app or game. COPPA 2.0 extends this definition to include any third party APIs that are accessed within an app or game, such as ad networks, analytics services, etc. We in the app industry might use the term "developer" or possibly "publisher", but COPPA uses "operator".
PII - "Personally Identifiable Information". This includes any user-related data or content that could be captured by an app. Examples include email addresses, IP addresses, screen names, VoIP IDs, social media account names, photographs, audio files, video, and geo-coordinates.
VPC - "Verifiable Parental Consent". COPPA 2.0 requires that publishers make a positive identification of the parent or guardian and get that person's "affirmative consent" before allowing a child 12 and under to download an app that collects any PII. The law is very specific in defining what constitutes VPC, and this is a major sticking point for every app and game publisher.
To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions regarding complying with COPPA: http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions