How changes in US Internet law can make life difficult for Russian game developers and game platform operators

Habravchane, hello. The other day, due to the nature of my professional activity, I ran into a problem that is practically not covered in RuNet. We are talking about changes to the US Children's Online Privacy Protection Act or COPPA, which affect foreign website operators, especially gaming, if they are visited by users from the United States.

What is COPPA

COPPA is not a new thing. This federal law entered into force in 2000 and applies to the collection of personal information from children under 13 years of age. According to its main provisions, the operators of web sites and Internet services do not have the right to request and store personal data of children without the official consent of their parents or guardians. Despite the fact that legislation provides for several ways to seek consent, most sites (such as Facebook, Twitter and Google+) simply prefer to block access for users under 13 years of age.

In July 2013, the law was tightened. What happened The definition of “personal information” has been expanded. Now it includes:
• full name;
• Contact details, including residential address, phone number, E-Mail, ICQ or Skype number, etc.
• User nickname, virtual name
• Social security number
• Photo and video of the child, voice recording
AHTUNG : cookie number, IP address, processor number or serial number of the device that accesses the network
• Geolocation information

Should I care?

COPPA applies not only to local companies, but also to operators of foreign sites if they conduct business with the United States and attract American users. For example, mobile applications, game platforms, plug-ins, ad networks fall under attack .

At the same time, the Federal Trade Commission (FTC), which is responsible for overseeing the implementation of the law, makes a distinction between sites aimed at children and sites with a "wide audience". The latter should follow the COPPA only when they know that a certain percentage of their visitors are under 13 years old.

The irony is that the target audience of the site or mobile application for the FTC does not matter. The only important thing is who actually visits this site, and what data about visitors to the site is recorded.

Since, as it is intelligibly explained on the Commission’s website, Internet products and services designed for adolescents and young people are likely to be interesting for children, they are also subject to COPPA. This is especially true for developers and operators of online and mobile games . Even when it comes to a medieval strategy designed for uncles over 25, there remains a certain amount of risk that pre-school children will want to try on. If the provisions of the law in such a game are not complied with, the FTC could theoretically be enough to file a lawsuit.

Unpleasant examples are already available. In 2011, Playdom, by the way, was fined $ 3 million, although children under 13 made up only 2% of its audience.

What should I do?

From the point of view of the FTC, the most elegant way to solve the problem is to introduce the so-called age gating mechanism . It is understood that when registering on the site, users will be required to enter information about the day, month and year of birth. Thus, children can be immediately filtered.

It is important to note that the registration page should not contain any instructions to block access for users under 13 years of age. Thus, the FTC expects to prevent the entry of knowingly false information.

The good news is at least that users are not responsible for "giving false testimonies" by users.

As already mentioned, age gating and user filtering has long been used by American social networks. Blizzard, Zynga, Playdom, and EA also follow suit.

Starting June 13, EA asks for the age of users when registering for mobile games. Battleship Free, Boggle, Monopoly, Pogo, Scrabble, Supreme Heroes, Surviving High School, Tetris, The Simpsons Springfield, Theme Park and some other applications have become inaccessible to children.

Does it hurt?

It is still difficult to say how likely it is that the FTC will begin to harass foreign sites for collecting information about American children. The Commission probably will not notice small fry.

Another thing is if the imported mobile application is in the top of the local Apple App Store, Google Play Store and the like, or the game portal suddenly begins to be actively advertised in the States. There is already a great risk of catching the eye.

What could be a violation of the law? While the "bad" sites escaped with fines (16 thousand dollars for each child, by the way !!!). If I don’t pay or correct, I can block the URL. But the worst part is the potential seizure of US assets. By them we mean not so much a summer house in California as, for example, freezing iOS and Google Developer Accounts. For mobile game developers, this would not be funny at all.

Epilogue

The changes in COPPA and the ensuing consequences are, as already noted, a new and unknown topic. Foreign (European certainly) developers are still wandering in the dark and are trying to determine their position.

If any of the residents of Habra dwellers already have specific experience in this matter, I beg you to share it.

All of the information in this post can be found on the FTC or COPPA website . I especially recommend getting acquainted with the FAQ and recommendations for site operators .

Enjoy reading!