Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 23, 2014
arrowPress Releases
October 23, 2014
PR Newswire
View All
View All     Submit Event

If you enjoy reading this site, you might also want to check out these UBM Tech sites:

July 1, 2014 - Happy Birthday, COPPA!
by Roy Smith on 06/26/14 09:49:00 am   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.


This week I’d like to look back at the past 12 months as they relate to protecting the privacy of the children who play our mobile games. Tuesday, July 1 will mark the one year anniversary of the updated Children’s Online Privacy Protection Act (I like to call it COPPA 2.0).

This law affects every game developer who targets kids under 13 or who might have kids under 13 playing their game. The penalties for not complying are draconian and could be career-ending.  Yet very few of the games on the market today are compliant with this law, and other than me, very few people in the industry are even talking about it.

How did we get here?

COPPA was originally passed in 1998 and was focused on web sites.  Twelve years passed with the law unchanged, and numerous enforcements, notably a $3M fine to Disney’s PlayDom subsidiary in 2011. But in 2010, noting the many advances in web-based behavioral marketing and of course the rise of the smartphone with its ability to capture a lot more personally identifiable information,  the FTC began a process to update COPPA. After deliberations and comment from industry groups, the updated COPPA version was approved in December 2012, to become law on July 1, 2013. 

Ad and app developer industry groups complained that July 1 didn’t give them enough time to change their technology to comply with the law, asking the FTC to delay to January 1, 2014. The FTC denied the request and the law went into effect as planned on July 1.

And then a funny thing happened…  Nothing.

Major game developers didn’t announce their support for COPPA. Industry press ignored the standing law that potentially represented a “sword of Damocles” for the burgeoning mobile game industry.   COPPA became the “colonoscopy” of the game development industry – everybody knew they had to have one, it was going to be unpleasant, but they didn’t want to talk about it or think about it before the scheduled appointment day.  

In December, the Center for Digital Democracy filed a complaint with the FTC about Nickelodeon’s SpongeBob game, which it said captured PII from children without parental consent in violation of COPPA.  Three months later, the CDD filed a follow up compliant requesting some sort of action.  Since then, nothing.  What happens when a government passes laws and then doesn’t enforce them? It weakens all laws because people begin to think they are not going to be punished since they aren’t going to get caught. 

I don’t think that’s going to happen.  COPPA, CALOPPA and similar privacy laws in other countries around the world are not going to go away anytime soon.  And they will be enforced. The general public’s increasing interest in online privacy, the explosion of mobile devices and their ability to capture private information and the huge amounts of money being made by the top developers who target children; all of these trends point inexorably to a regulated future for the mobile gaming market that will leave behind the “wild west” days when you could just grab the data you needed and go.

Will the FTC announce something in time for COPPA’s first birthday? It will be very interesting to see.

If you'd like to educate yourself on COPPA2, here's a page of history and links AgeCheq has created for game developers. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: .  Because there are numerous “incomplete” versions on the web, I encourage you to always view the final, official text of the COPPA law, which can be found here:

Related Jobs

WB Games
WB Games — Kirkland, Washington, United States

Principal Technical Artist
Demiurge Studios, Inc.
Demiurge Studios, Inc. — Cambridge, Massachusetts, United States

Senior Software Engineer
CCP — Newcastle, England, United Kingdom

Senior Backend Programmer
Guerrilla Games
Guerrilla Games — Amsterdam, Netherlands

Animation System Programmer


John Paduch
profile image
Contrast this with the fact that once-great shows like GDC had panels like "How to safely monetize teens" and "Why Whales Sing", and you have an industry primed for catastrophe.

Hell, the former is the kind of thing I'd expect to see in an article describing the back-story of a criminal arrest.

Roy Smith
profile image
It's definitely an impending train wreck that we're trying to keep from happening. But we need the FTC to do some enforcement before anyone takes the law seriously.


Tanner Mickelson
profile image
So if I want to add in-app purchases of some sort is it enough to pop up a message for younger players asking for their parent's permission before buying an item? Or do I have to go all out and implement a parental control system that requires a parent password in order for kids to buy in-game items? I'd like to release with in-app purchases, but I don't want to get COPPAd to death for implementing them.

Roy Smith
profile image
If you want to use IAP and you know the user is under 13, you have to use COPPA techniques to make sure you are getting the parental permission from the parent. If you aren't sure the user is under 13, you can age gate and then treat U13 with COPPA. What we have done is built an infrastructure that allows you to do that pretty easily.

Tanner Mickelson
profile image
Okay that sounds easy enough, what if a user lies about there age though? Does COPPA have anything to handle a case like that? I know that a lot of kids will put their ages as 18 or older when creating gaming accounts, because certain online features get blocked for them (Battlefield and other EA games used to do this, not sure if they still do).

Javier Degirolmo
profile image
From what I gather from the COPPA FAQ, you can blindly trust what the user says (but as soon as you're notified the user lied you're required to take action immediately).

Tuomas Pirinen
profile image
I am seeing more and more apps asking the person if they are teen or older before starting the game. But of course no-one is going to bother even with that if no-one is interested in enforcing this law. It seems to me their (extremely limited) action is very focused on a very, very few, very child-centric products.