How to implement COPPA-compliant push notifications in your kids app

Push notifications are a useful tool for re-engaging users and getting kids back into your app. Under both COPPA and GDPR-K, sending push notifications to kids is deemed collecting personal information, similar to an email address, and therefore requires an appropriate level of parental consent to enable.

Continue reading

What every game developer needs to know about getting parental permissions right

If you’re building a game or app for kids (under-13 in the US or under-16 in Europe), you need to consider how you’re going to manage age gates and parental permissions. Both are essential to ensure compliance with data privacy laws (COPPA and GDPR-K), but both are complex user flows and mismanaging them can create barriers to engagement for your easily-distracted young audiences.

Here’s what you need to remember:

Continue reading

5 things game developers need to know about COPPA and GDPR-K

With 170,000 kids going online for the first time every day, developers have to consider them a likely audience for their games, even if they are not deliberately child-directed. Data privacy laws for children such as COPPA (US) and GDPR-K (EU) are now well known, but the lack of clear guidance on how to apply them can make publishing such games difficult and scary for developers.

Here are five things to keep in mind if you’re developing apps or sites for a children’s audience OR which might be accessed by children:

Continue reading

China rolls out data privacy law for children

In the last twelve months children’s data privacy law has expanded from what was just the US (COPPA) to covering all of Europe (under GDPR-K). But it’s not stopping there. Against many expectations, China has also introduced protection for children online.

Recently China published the Personal Information Security Specification which, together with the country’s new 2016 Cyber Security Law, establishes specific digital data privacy protections for children under the age of 14.

Continue reading

Five lessons from the report showing thousands of Google Play kids’ apps are in breach of COPPA

An academic study published this week reveals that thousands of kids’ apps are collecting and transmitting personal information to third parties, in possible breach of COPPA (and soon, GDPR-K).

 The research from academics at the University of California at Berkeley is the most comprehensive ever done to assess the data collection and sharing practices of the most popular kids’ games and apps, and the results were covered in The Guardian and elsewhere.

It demonstrates how hard it is to comply with COPPA using existing ad technology built for the adult market, vs kidtech that is based on zero-data collection.  And it usefully highlights the lack of common frameworks and standards between the regulators, the app stores and developers.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part Six: Obtaining verifiable parental consent

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

Part Six of our comprehensive GDPR-K Toolkit covers collecting data and obtaining verifiable parental consent.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part Five: Kid-safe user acquisition

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

Part Five of our comprehensive GDPR-K Toolkit covers acquiring new users and leveraging cross-promotion.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part Four: Safely monetise your site or app

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

So far, we have covered auditing your technology partners, defining your audience and revising your policy notices. Now that you’ve covered the basics of compliance, we can look at how to maximise advertising revenue from your kids audience.

If you had previously written off your under-13 audience as ‘zero revenue’, think again.

Continue reading