In the first half of 2019, with Google rolling out a new set of developer policies, the U.S.
children’s privacy law COPPA drew great attention among the developer community, and they react with
prompt reflections upon their practices concerning children.
So, what does COPPA regulate, and how does it affect developers? In this article, let’s find out.
What is COPPA, do I must comply?
COPPA, the Children’s Online Privacy Protection Act, is enacted in 1998. It is “the first U.S.
privacy law written for the internet”, and is also the first children’s online privacy protection
act in the U.S. Under COPPA, data collection from children under the age of 13 is forbidden unless
with explicit consent from their parents.
Though being a U.S. law, COPPA is applicable to mobile apps/websites/online services fall under any
of the following cases:
1) Subject to the jurisdiction of the U.S.;
2) Hosted on U.S. servers;
3) Headquartered in U.S. territories;
4) Involved in commerce in the U.S. or its territories.
In other words, as long as a company acquires users from the U.S. or is involved in online
business in the U.S., it should comply with COPPA rules.
For any violation, the U.S. Federal Trade Commission (FTC) has the right to impose a fine for up to
200 million US dollars. Needless to stress further, COPPA has strong binding force and impact since
App stores step up efforts, boosting full application of COPPA
To create safe and friendly environment for children, mobile app stores have all rolled out policies
to push forward COPPA compliance among game and utility developers.
Apple’s App Store review guidelines stipulate that apps in its Kids Category should explicitly
declare the age group of their target audience, and must be made specifically for kids ages 5 and
under, ages 6-8, or ages 9-11.
Google updated its Families policy and Designed for Families program requirements in May 2019,
asking all developers to comply with the updated policies by September 1st, 2019, otherwise their
apps might be removed from the Google Play store if fail to complete the Target Audience and
Content section of the Google Play Console.
Meanwhile, developers using IAA (in-app advertising) are required by both App Store and Google Play
to only display ads that comply with corresponding classification policies. Developers should make
sure the ads are appropriate for children and are from Google Play certified Ad Networks, and comply
with COPPA and the EU General Data Protection Regulation (GDPR).
COPPA renovating the mobile advertising industry
With COPPA and app stores’ policies, developers and their partnering Ad Networks face higher
Ad Networks must collaborate with developers to complete compliance with COPPA, and make sure SDK’s
data practices (including collection and use) comply as well. According to COPPA rules, the work of
an Ad SDK in a compliant game app need to involve three steps:
1. Collect information
Developers need to verify whether the user is under the age of 13, and whether COPPA is applicable.
If yes, they need to include a parental consent obtaining process in the SDK, a direct notice of
information collection, and also to inform if the collected information shall be share with any
third parties such as Ad Networks.
In addition, developers should maintain the confidentiality, security, and integrity of information
they collected from children (only retain the information for only as long as is necessary to
fulfill the purpose for which it was collected, and delete when the reasonable time is due),
supervise partnering third parties to maintain information’s confidentiality and security likewise.
2. Design ad placements
AdTiming asks developers to use compliant ad formats and design reasonable placements. Please be
reminded that below ads violate the rules.
In a previous article, we introduced common ad formats to help developers grasp what compliant ad
placements are, read the details here
3. Display ads
Apart from abiding by the classification rules, Ad SDKs should also only display contextual-based
ads rather than interest-based ads to children under 13.
- Interest-based targeting is a common practice in mobile advertising, by collecting and analyzing
information about user’s interest, to display personalized ads;
- Contextual-based targeting means not collecting information about user’s interest, on the
contrary, it displays targeted ads based on the app’s type or the category it is in, such as
children/education apps, children e-commerce apps/products, children movies, etc.
Meanwhile, according to the rating rules, ads can be separated into four categories with different
content labels, i.e. G
-general audiences (content suitable for all audience),
-parental guidance (content suitable for most audiences with parental guidance),
-teen (content suitable for teen and older audiences), and MA
(content suitable only for mature audiences). Developers and Ad Networks should both screen out ads
that are inappropriate for children.
AdTiming is committed to protect user privacy
User privacy nowadays is a huge global cyber security issue, whilst the protection of children’s
privacy in particular is often neglected. To better protect children’s privacy and help foster a
healthier children’s game market, AdTiming strictly abide by COPPA rules throughout our products and
operations. We’d also like to remind developer friends to be compliant with relevant rules and laws,
as well as the policies of Ad Networks you use.
We have also completed GDPR compliance, holding fast to data protection and fair use. Be the target
audience adult or children, AdTiming is readily prepared and devoted to safeguarding developers and