As online social gaming becomes more pervasive in the lives of children today, it is vital for video game providers to understand and comply with the Children’s Online Privacy Protection Act Rule (“COPPA Rule”).[1] The COPPA Rule applies to websites or online services directed to children under 13 years of age, and to operators of websites or online services that have actual knowledge that they are collecting personal information online from children under 13 (“operators”). It requires them to provide notice to parents and obtain verifiable parental consent before collecting, using, or disclosing personal information from children under the age of 13.[2] It also requires them to keep the information they collect from children secure, and prohibits them from conditioning a child’s participation in activities on the collection of more personal information than is reasonably necessary to participate in those activities.[3]
To facilitate compliance with the COPPA Rule, the Federal Trade Commission (“FTC”) reviews and approves “Safe Harbor” programs run by industry groups with guidelines that implement the COPPA Rule.[4] Being a member of a “Safe Harbor” program generally protects the member from potential sanctions and fines. The amended COPPA Rule now requires these “Safe Harbor” programs to audit their members and report the results annually to the FTC.[5]
There are currently six FTC-approved “Safe Harbor” programs. The most recently approved “Safe Harbor” program is kidSAFE’s Seal Program. kidSAFE offers a seal of approval program designed exclusively for kid-friendly websites and applications, including mobile apps, virtual worlds, kid-targeted game sites, social networks, and educational sites. kidSAFE can provide either a basic safety seal or a kidSAFE+ seal, which indicates that the member is compliant with basic safety rules plus the COPPA Rule as amended on July 1, 2013. In addition to complying with kidSAFE’s basic safety rules, a member must satisfy the following requirements to obtain a kidSAFE+ safety seal:
- Become a paid member of the kidSAFE Seal Program
- Implement a neutral age screening mechanism (when used)
- Notify parents and obtain prior verifiable consent from a parent when required by the COPPA Rule
- Give parents access to their child’s personal information
- Protect the integrity and security of a child’s information
- Post a COPPA-compliant privacy policy
- Cooperate with the kidSAFE Seal Program’s oversight and enforcement mechanism.
For the full text of kidSAFE’s Seal Program Certification Rules, please click here.
Another “Safe Harbor” Program applicable to video game providers is the Entertainment Software Rating Board (“ESRB”). The ESRB, which focuses on interactive and/or child-oriented sites, has expanded its privacy seal certification program to include compliance with COPPA. The ESRB offers a free ESRB Privacy Certified new member company assessment. Members certified by ESRB can obtain assistance with their privacy policies and disclosures, monitoring and review of their websites and services, compliance reports, and discounted rates for identity verification services. Membership fees for ESRB’s Privacy Certified Program are on a sliding scale based on a member’s annual revenue.