COPPA: CHILDREN'S PRIVACY, YOUR GAME, AND THE CHANGING ONLINE LANDSCAPE MONA IBRAHIM SENIOR ASSOCIATE INTERACTIVE ENTERTAINMENT LAW GROUP


1 COPPA: CHILDREN'S PRIVACY, YOUR GAME, AND THE CHANGING ONLINE LANDSCAPE MONA IBRAHIM SENIOR ASSOCIATE INTERACTIVE ENTERTAINMENT LAW GROUP MIBRAHIM@IELAWGROUP.NET 425.998.7013

2 WHAT IS COPPA? Children's Online Privacy Protection Act of 1998; Effective since the year 2000; Enforced by the Federal Trade Commission (FTC); Designed with consumer protection in mind; Grants parents control over the information collected from children online

3 WHAT COPPA IS NOT Not a censorship measure– does not regulate website content or limit the information that can be collected through a website or online service; Not grounds for a private cause of action– only the federal government can enforce COPPA; Not designed to capture online predators, nor is it a crime fighting tool; Not international law

4 ELEMENTS OF COPPA: WHO MUST COMPLY You must comply with COPPA notification and data protection/disposal regulations if: You run a website or online service that: Collects “personal information”, allows other third parties (apps and plug ins) to collect personal information, or you are the third party; Is directed towards children under the age of 13; or Is directed towards a general audience, but you have actual knowledge that you collect information from the under 13 demographic

5 ELEMENTS OF COPPA: WHAT IS AN ONLINE SERVICE? Websites and online services include mobile apps and game platforms with online components; Plug-ins; Ad networks

6 ELEMENTS OF COPPA: DIRECTED TO A YOUNGER AUDIENCE No hard and fast guidelines to determine whether a game or website is “directed to children under the age of 13”; Factors taken into consideration include: Use of animation/cartoons; Nature of the content; Child-oriented activities; Age of models; Presence of child celebrities or characters/celebrities that appeal to kids

7 ELEMENTS OF COPPA: PERSONAL INFORMATION If you collect any of the following end user information you may need to comply with COPPA: Full name; Home or other physical address, phone number, social security number; Screen name or user name that enables direct contact with the user (via VOIP, e-mail, IM, direct message); Photos, videos, or audio files containing a child’s image or voice; Geolocation information; Persistent identifiers– cookies, IP addresses, processor or device number or identifier

8 ELEMENTS OF COPPA: “COLLECTION” != STORAGE “request”, “prompt” or “encourage” the submission of information– submission need not be mandatory (e.g., “sharing” functions); Passive online tracking; Enables information to become public, unless measures are taken to remove personally identifying information before content is published

9 DEVELOPER CHECKLIST: DO I FALL UNDER COPPA REGULATION? Ask yourself this: Are your games directed towards a younger audience? Do you collect user information through your website or ask users to create a username/account/profile? Are other service providers, such as ad networks, web hosts, plug in or add on providers, able to collect information through your website/game? If your game is designed for an older/general audience, do you ask age oriented questions– date of birth, highest level of education achieved, etc.

10 FAILURE TO COMPLY: PENALTIES FTC enforcement actions; Parents, competitors, etc. can submit complaint to FTC for investigation; Can be enforced by both states and other federal agencies; Penalty fees: up to $16,000 per violation; COPPA can apply to foreign entities if you distribute your game to US audiences

11 DEVELOPER’S CHECKLIST: IF COPPA APPLIES Check your documentation! EULA; TOS/Privacy Policy (website, forums); NDAs; Employee handbook; Confidentiality policies; Non-competes; Vendor agreements

12 COPPA COP-OUT: ESRB SAFE HARBOR FTC has granted “safe harbor” status to ESRB privacy certified sites and products; Sites and service providers protected by a safe harbor are subject to far less scrutiny; For more information: http://www.esrb.org/privacy/index.jsp

13 WHAT DOES COPPA COMPLIANCE LOOK LIKE? Your privacy policy should include: List of all third parties and operators that may collect information through your site/game; Description of the personal information collected and how it’s used; Description of parental rights. Your privacy policy should NOT include: Promotional materials and unrelated information; Contradictory or confusing language; “legalese”

14 PARENTAL RIGHTS If you fall under COPPA regulation you MUST tell parents the following: You won’t require children to provide any information that is not strictly necessary; They can review the information collected and ask you to delete it, or refuse to permit further collection; They can permit use for the designated purpose, but may prohibit you from sharing that information with third parties; Procedures to follow to exercise rights

15 PARENTAL RIGHTS: PROCEDURES Notification should happen BEFORE information is collected; Notification must be DIRECT– via e-mail is standard. You can’t just send them a link to the privacy policy; Make sure you’re actually communicating with a parent or guardian; What the notice to parents includes depends on why you’re contacting them. COPPA covers four contingencies: You’re collecting a child’s information; You’re voluntarily contacting parents concerning child’s online activities that do not involve information collection; You’re contacting the child through child’s online contact information, but you are not otherwise collecting information; and You’re collecting the child’s information for the child’s own safety and it is not used for any other purpose

16 PARENTAL RIGHTS: NOTICE Notice should include (generally): Statement that parent’s contact information has been collected from the child and why; Statement that parental consent is required before you will collect child’s information; Identify the personal information that will be collected from child if parent consents; Link to your privacy policy; State the means of verifiable consent permitted; If consent isn’t given in a reasonable amount of time, parent contact information will be deleted

17 PARENTAL RIGHTS: VERIFIABLE CONSENT Acceptable methods: sign a consent form and send it back to you via fax, mail, or electronic scan; use a credit card, debit card, or other online payment system that provides notification of each separate transaction to the account holder; call a toll-free number staffed by trained personnel; connect to trained personnel via a video conference; or provide a copy of a form of government issued ID that you check against a database, as long as you delete the identification from your records when you finish the verification process.

18 PARENTAL RIGHTS: EMAIL PLUS Sometimes game developers only collect personal information for internal purposes– bug fixes, customer support, etc. If this is the case you have more flexibility re: compliance and verifiable consent. E-mail plus: Request consent via e-mail; if consent is granted you must follow up with a call, letter or e-mail at a later time. In all cases parents must be given the option to: Change/delete personal information; Revoke consent

19 AGE SCREENING Rated “E” for Everyone is a good example of when age screening may be relevant; If your game or website qualifies as “directed to children” you cannot use age screening to bar children under 13 from playing the game/using the site; Age screening must take place before any other personally identifiable information is collected.

20 THIRD PARTIES: ADS AND PLUG INS If implementing ads, third party apps, or plug ins in your game/site: You must know what information they will collect; If they collect personal information you must disclose this activity in YOUR privacy policy; You must provide a list of third party operators collecting personal information; You may have a single entity/individual handle inquiries on behalf of all operators

21 THE 2013 AMENDMENT What changed? Expansion of “personal information”: Screen names, user names, or account creation that enables direct messaging to the child; Photographs, video, audio; Geolocation; “identifiers” such as cookies, mobile device IDs, IP addresses. Clarifies role of “age-screening”; Increases methods for obtaining verifiable consent; Increases number of exceptions from parental consent requirements; Holds websites and service providers responsible for third party collection and sharing activities; Regulates data storage and deletion

22 INFORMATION COLLECTION BEST PRACTICES Only collect information you actually need; Frequently review third party operator collection activities– due diligence here is a must; Make sure third parties have the ability (and warrant that ability) to keep information confidential and secure; Only keep information for as long as you need it; Securely dispose of information once you’re able to get rid of it; Make sure your employees and contractors are aware of their obligations under COPPA

23 QUESTIONS? http://www.ielawgroup.net Twitter: @MonaIbrahim Skype: MonaAIbrahim mibrahim@ielawgroup.net

