This week I’d like to look back at the past 12 months as they relate to protecting the privacy of the children who play our mobile games. Tuesday, July 1 will mark the one year anniversary of the updated Children’s Online Privacy Protection Act (I like to call it COPPA 2.0).
This law affects every game developer who targets kids under 13 or who might have kids under 13 playing their game. The penalties for not complying are draconian and could be career-ending. Yet very few of the games on the market today are compliant with this law, and other than me, very few people in the industry are even talking about it.
How did we get here?
COPPA was originally passed in 1998 and was focused on web sites. Twelve years passed with the law unchanged, and numerous enforcements, notably a $3M fine to Disney’s PlayDom subsidiary in 2011. But in 2010, noting the many advances in web-based behavioral marketing and of course the rise of the smartphone with its ability to capture a lot more personally identifiable information, the FTC began a process to update COPPA. After deliberations and comment from industry groups, the updated COPPA version was approved in December 2012, to become law on July 1, 2013.
Ad and app developer industry groups complained that July 1 didn’t give them enough time to change their technology to comply with the law, asking the FTC to delay to January 1, 2014. The FTC denied the request and the law went into effect as planned on July 1.
And then a funny thing happened… Nothing.
Major game developers didn’t announce their support for COPPA. Industry press ignored the standing law that potentially represented a “sword of Damocles” for the burgeoning mobile game industry. COPPA became the “colonoscopy” of the game development industry – everybody knew they had to have one, it was going to be unpleasant, but they didn’t want to talk about it or think about it before the scheduled appointment day.
In December, the Center for Digital Democracy filed a complaint with the FTC about Nickelodeon’s SpongeBob game, which it said captured PII from children without parental consent in violation of COPPA. Three months later, the CDD filed a follow up compliant requesting some sort of action. Since then, nothing. What happens when a government passes laws and then doesn’t enforce them? It weakens all laws because people begin to think they are not going to be punished since they aren’t going to get caught.
I don’t think that’s going to happen. COPPA, CALOPPA and similar privacy laws in other countries around the world are not going to go away anytime soon. And they will be enforced. The general public’s increasing interest in online privacy, the explosion of mobile devices and their ability to capture private information and the huge amounts of money being made by the top developers who target children; all of these trends point inexorably to a regulated future for the mobile gaming market that will leave behind the “wild west” days when you could just grab the data you needed and go.
Will the FTC announce something in time for COPPA’s first birthday? It will be very interesting to see.
If you'd like to educate yourself on COPPA2, here's a page of history and links AgeCheq has created for game developers. To learn more about COPPA directly from The Federal Trade Commission, check out this list of answers to frequently asked questions: http://www.ftc.gov/tips-advice/business-center/complying-coppa-frequently-asked-questions . Because there are numerous “incomplete” versions on the web, I encourage you to always view the final, official text of the COPPA law, which can be found here: