In the first half of 2019, with Google rolling out a new set of developer policies, the U.S. children’s privacy law COPPA drew great attention among the developer community, and they react with prompt reflections upon their practices concerning children.
So, what does COPPA regulate, and how does it affect developers? In this article, let’s find out.
What is COPPA, do I must comply?
COPPA, the Children’s Online Privacy Protection Act, is enacted in 1998. It is “the first U.S. privacy law written for the internet”, and is also the first children’s online privacy protection act in the U.S. Under COPPA, data collection from children under the age of 13 is forbidden unless with explicit consent from their parents.
Though being a U.S. law, COPPA is applicable to mobile apps/websites/online services fall under any of the following cases:
1) Subject to the jurisdiction of the U.S.;
2) Hosted on U.S. servers;
3) Headquartered in U.S. territories;
4) Involved in commerce in the U.S. or its territories.
In other words, as long as a company acquires users from the U.S. or is involved in online business in the U.S., it should comply with COPPA rules.
For any violation, the U.S. Federal Trade Commission (FTC) has the right to impose a fine for up to 200 million US dollars. Needless to stress further, COPPA has strong binding force and impact since its enforcement.
App stores step up efforts, boosting full application of COPPA
To create safe and friendly environment for children, mobile app stores have all rolled out policies to push forward COPPA compliance among game and utility developers.
Apple’s App Store review guidelines stipulate that apps in its Kids Category should explicitly declare the age group of their target audience, and must be made specifically for kids ages 5 and under, ages 6-8, or ages 9-11.
Google updated its Families policy and Designed for Families program requirements in May 2019, asking all developers to comply with the updated policies by September 1st, 2019, otherwise their apps might be removed from the Google Play store if fail to complete the Target Audience and Content section of the Google Play Console.
Meanwhile, developers using IAA (in-app advertising) are required by both App Store and Google Play to only display ads that comply with corresponding classification policies. Developers should make sure the ads are appropriate for children and are from Google Play certified Ad Networks, and comply with COPPA and the EU General Data Protection Regulation (GDPR).
COPPA renovating the mobile advertising industry
With COPPA and app stores’ policies, developers and their partnering Ad Networks face higher requirements.
Ad Networks must collaborate with developers to complete compliance with COPPA, and make sure SDK’s data practices (including collection and use) comply as well. According to COPPA rules, the work of an Ad SDK in a compliant game app need to involve three steps:
1. Collect information
Developers need to verify whether the user is under the age of 13, and whether COPPA is applicable. If yes, they need to include a parental consent obtaining process in the SDK, a direct notice of information collection, and also to inform if the collected information shall be share with any third parties such as Ad Networks.
In addition, developers should maintain the confidentiality, security, and integrity of information they collected from children (only retain the information for only as long as is necessary to fulfill the purpose for which it was collected, and delete when the reasonable time is due), supervise partnering third parties to maintain information’s confidentiality and security likewise.
2. Design ad placements
AdTiming asks developers to use compliant ad formats and design reasonable placements. Please be reminded that below ads violate the rules.
In a previous article, we introduced common ad formats to help developers grasp what compliant ad placements are, read the details here
3. Display ads
Apart from abiding by the classification rules, Ad SDKs should also only display contextual-based ads rather than interest-based ads to children under 13.
- Interest-based targeting is a common practice in mobile advertising, by collecting and analyzing information about user’s interest, to display personalized ads;
- Contextual-based targeting means not collecting information about user’s interest, on the contrary, it displays targeted ads based on the app’s type or the category it is in, such as children/education apps, children e-commerce apps/products, children movies, etc.
Meanwhile, according to the rating rules, ads can be separated into four categories with different content labels, i.e. G
-general audiences (content suitable for all audience), PG
-parental guidance (content suitable for most audiences with parental guidance), T
-teen (content suitable for teen and older audiences), and MA
-mature audiences (content suitable only for mature audiences). Developers and Ad Networks should both screen out ads that are inappropriate for children.
AdTiming is committed to protect user privacy
User privacy nowadays is a huge global cyber security issue, whilst the protection of children’s privacy in particular is often neglected. To better protect children’s privacy and help foster a healthier children’s game market, AdTiming strictly abide by COPPA rules throughout our products and operations. We’d also like to remind developer friends to be compliant with relevant rules and laws, as well as the policies of Ad Networks you use.
We have also completed GDPR compliance, holding fast to data protection and fair use. Be the target audience adult or children, AdTiming is readily prepared and devoted to safeguarding developers and their development.