Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 31, 2014
arrowPress Releases
October 31, 2014
PR Newswire
View All
View All     Submit Event

If you enjoy reading this site, you might also want to check out these UBM Tech sites:

Some Thoughts on Kids, Privacy and Data Collection
by Carla Engelbrecht Fisher on 12/27/12 04:13:00 pm   Expert Blogs   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.



In the early days of COPPA – the Children’s Online Privacy and Protection Act, which went into effect in 2000 – we literally had parents faxing permission forms to our office at Highlights for Children. (And guess who had to manually enter all of the zillions of email addresses?) We needed permission because our site collected and utilized personal information at various points. The experience we created tracked basic metrics on web usage, so we could figure out how long the average sessions were, where they went in the site, and occasionally how many messages they were posting.

At the far more complicated end of the spectrum, fast forward to 2007ish when Natalie and I were working on a project called iREAD (interactive reading experience with adaptive delivery) at Sesame Workshop, which was a partnership with Wireless Generation and funded by the Department of Education Ready to Learn program. We collected data, with the permission of parents and teachers, that was so detailed that we could see the children’s patterns of errors between the letters “b” and “d.”

Data also allowed us to understand a small portion of the population who had errors that were through the roof. At first glance, it looked like they were pretty bad at some specific literacy skills. But thanks to the data, we could look at their patterns of answering. In some cases, the children systematically selected the answers in order, so if the correct answer was at the bottom of the list, they had a high number of errors. The other kids were systematically selecting all the **wrong** answers first and the correct answer last. In effect, they were getting 100% correct, but in the backward way. (Cognitively, it’s pretty hard to make sure you always get the wrong answers out of the way first.)

The data helped us identify outliers and then we were able to investigate why they were in that category. In that particular case, it turns out the kids were actually not at risk with regard to their reading skills, whereas the intervention was designed for at risk students. We were effectively boring those kids, and they decided to mess around with the system instead. If we didn’t have the data, we might not have made that realization.

Today data is a double-edged sword. The advanced and ever-connected nature of technology means there’s amazing data to be collected, from basic demographic information to extensive behavior metrics. When adult’s data is in the mix, the moral high ground insists that we at least declare that we’re collecting the data. In the case of children, we must ask parents permission, even if the laws haven’t yet caught up to the latest technology scene.

That’s the problem. The laws aren’t up to date, which means the temptation to collect this data on the sly is high. Oversight and laws are limited, and those that do exist are subject to wide interpretations. A recent New York Times article discussed the findings of a recent Federal Trade Commission report – of 400 Android and iOS children’s apps reviewed, only 20% disclose data collection practices.

In a time where the FTC is about to revise the COPPA ruling for today’s technology, it doesn’t bode well for life getting easier for those of us who wish to collect data in any way, shape, or form. The FTC is expected to strengthen the ruling, and some of the possibilities could be downright stifling for innovation based on data collection, personalization, and adaptive learning.

The most horrifying misuse of data that I’ve seen lately was also in the New York Times article – Delta is being sued by the attorney general’s office of California for their lack of data collection notification. What is Delta collecting from me, among other users? My personal information, like my name and email address, but also my location and photographs. Photographs? Really, Delta???

We’ll have to wait and see where the FTC settles in their COPPA revision, but in the meanwhile I have a message to share to developers and parents. (The last time I made a statement to developers in my in-app purchases post, I was scolded by developers for not pointing out the parents’ responsibility as well.)

Developers, don’t be greedy idiots about the data you collect. A privacy policy is a matter of best practice. One that accurately states your practices should be a no-brainer. Otherwise, you’re making life difficult for the rest of us who are truly looking out for the best interests of our audience.

Parents, while it’s not always easy to know exactly what data is being recorded, it is our responsibility to arm ourselves with information. If you’re unsure about the policies of a particular program, trust your instinct or stick with the trusted sources.

As for Delta and the others who we thought we could trust to do the right thing, at least we have the California attorney general’s office to look out for us!

If you want another good Times article on mobile app transparency, check this one out.  Otherwise, have a very happy holidays from all of us at No Crusts and we’ll see to you in 2013! Feel free to give us a yell at or on Twitter @noCrusts.

Read more:

Related Jobs

Next Games
Next Games — Helsinki, Finland

Senior Level Designer
Magic Leap, Inc.
Magic Leap, Inc. — Wellington, New Zealand

Level Designer
Grover Gaming
Grover Gaming — Greenville, North Carolina, United States

3D Generalist / Artist
Demiurge Studios, Inc.
Demiurge Studios, Inc. — Cambridge, Massachusetts, United States

Lead System Designer


Maurício Gomes
profile image
Heh, I probably would be one of the kids that select all wrong replies first on purpose...

But excepting that random info, this is a good article, and important.

I work with children apps, and I don't get why so many developers abuse their power, specially regarding advertising (ie: collecting info of the children to setup targeted advertising is wrong on several levels).

Maria Jayne
profile image
I've always felt data mining comes too easily in this industry, it's become so smoothly integrated that we probably don't even notice how quickly and easily we give it up to play games. We've spent our money, we want to play the game when we are at our computer, we've already committed to giving up our data and to give it up "right now" so we can get the entertainment we already spent money on in the past.

I was discussing this problem with a friend a few weeks ago, data you collect without earning it becomes data you don't value, it seems most companies care more about losing their data with staff searches and over zealous fire wall protection for their own employees than the masses of account information they mine just to give you permission to play that game you already paid for.

In some ways it does benefit the players granted, it's not entirely a one way street. It's especially useful in quantity for things like beta tests, collecting system specs and judging how important a bug is on the priority list. Most of that however, is data that is "quid pro quo" you sign up for a beta test and you volunteer your information for the chance to play a free game that would otherwise require money for similar access. I have no issue with this sort of 50/50 arrangement, it benefits everyone.

My issue is more that when you buy a retail game, the company that sells that game to you has no right to collect your data. We've already paid for the game, installed it and so the opportunity to say "no you can't have my data" is mostly forfeit. Granted the opportunity is still there legally but it isn't is it? you'd have to spend more money and effort to return it when you could just jump through the extra hoops and give up your data and get that game you already spent money on.

In my country, when you register with a groceries chain of stores, they record your spending habits so they can see what you buy from their stores, how often you shop, what deals are relevant. The companies that run these stores recognize the huge value in this information so they reward consumers giving that data with money off coupons, special deals and promotional leaflets that make it again, a "quid pro quo" situation.

When you buy a video game, and you have to register an account and give up your details....where is the "quid pro quo" in this situation? You bought their game and now they want your personal details too....why would they respect your data when you have to pay them to pass it on? Where is the respect and value to the customer from that? The answer I feel points to the spate of account hacks and server intrusions most companies experienced from LoL and other hackers.....they didn't value the data so it wasn't protected to the same standard as the companies own data.

Anyway, this is specifically regarding children so I'm a little off topic, I did immediately feel that data protection should be held to equal standards at all ages though. There is no age when giving up more information makes you less vulnerable to exploitation.