Last update: September 2021

5 mins to read - 2021/09/13

COPPA Compliance for Mobile Games Developers

The mobile games market is booming across the boards. Following the watershed year of 2020, where the COVID-19 pandemic drove most of us to stay indoors, a lot of people worldwide are playing mobile games who never did before. While there were some naysayers who predicted the surge would die down once lockdowns ended, studies show that players are more deeply engaged than ever, playing on average 8 hours per week. According to the 2021 NPD report on Deconstructing Mobile & Tablet Gaming, children (age 2-12) make up 17% of the mobile games market, with an average 6-month spend of $19. This makes them one of the most valuable age bracket in terms of revenues. And the fact that children younger than 13 will often play games targeting teens and young adults means that COPPA compliance is a must for any mobile games developer with a crossover user base.

Download OpenBack’s whitepaper outlining our unique approach to data privacy and regulation compliance:

COPPA Compliance 101: Mobile Games With Crossover Audiences Are Liable

So what does “crossover” mean in this instance? It means any mobile game that targets different age groups, or which could reasonably be enjoyed by different age groups. Take Among Us, which was the #1 downloaded mobile game worldwide in 2020, according to Apptopia. It’s simple, it’s colorful, it’s animated – perfect for both kids and older users. So even if your mobile game – set in a colorful, pixellated version of the MCU where players can play as Loki, Thor, or Black Widow – is technically for users age 13 and up, if the FTC considers the game to be attractive to kids age 12 and younger, the game will have to be COPPA compliant or risk a fine.

For example, mobile games development studio Hyperbeard was fined for COPPA compliance failure. And the FTC determined that, because their games are brightly colored and featuring cute cartoons – and they even have a crossover game featuring Cartoon Network characters from shows popular with kids – they were without a doubt targeting users younger than 12, even if their games are being played across all age groups.

For mobile games, another thing to keep in might is gaming mechanics and game loop. If your game loop is simple and repetitive, easily learned and with simplistic gaming mechanics, you should expect a large portion of your user base to be kids. As such, you should do your due diligence regarding COPPA, even if you hope to attract older players as well. (This is especially applicable to hyper-casual games, such as Flappy Bird and other endless runners.)

What Is the Penalty for COPPA Violations?

The penalty for violating COPPA is a fine of $42,530 per violation per child. As you can imagine, this can really add up, especially for mobile games with a wide reach. But how likely is it that the FTC is going to chase you down for an accidental COPPA violation that you rectify immediately? It’s difficult to say, as the FTC is known for fining high-profile mobile apps such as YouTube and TikTok, as well as smaller developers and studios such as HyperBeard.

As we have explored in the past, YouTube especially has some grey area when it comes to cross-over audience. YouTube, in an effort to pass the buck to its content creators, made it each individual channel’s responsibility to flag their content as “aimed towards children.”  And for a while there was consider confusion among content creators around what qualifies as “aimed towards children.”

However, the FTC genuinely isn’t trying to catch you out, and they are very transparent when it comes to their guidelines. Any mobile game with a mixed user base could get some pointers from the FTC’s advice to YouTube content creators to their own practice. Namely, in addition to considering what age your user base is, it’s important to consider what publications or organizations are talking about your game:

“Consider how others view your content and content similar to yours. Has your channel been reviewed on sites that evaluate content for kids? Is your channel – or channels like yours – mentioned in blogs for parents of young children or in media articles about child-directed content? Have you surveyed your users or is there other empirical evidence about the age of your audience?”

Image Source: Screenshot from Stardew Valley

How Should Your Mobile Game Approach Kids’ Data?

This is entirely up to you. To play it entirely safe, you may wish to avoid processing data of any players younger than 13. However, for the majority of mobile games in the arena, some extent of data leveraging is necessary to monetize a free-to-play (F2P) app. And for many other games, an extent of data processing is baked into the function of the game. For example, augmented reality (AR) games such as Pokemon GO, or games where players battle each other or team up to solve puzzles or go on quests in real-time need to access users’ geolocation or other various data to function properly.

To share data of users younger than 13 with 3rd-parties, apps will need to obtain the consent of their parents. This makes certain monetization tactics such as in-app advertising highly problematic. Many parents won’t agree to have their children’s data shared for the purpose of their receiving ads. And in these post-IDFA times, where Apple are slowly normalizing the idea that no 3rd-party should have access to our personal data, many users will refuse their consent.

COPPA-Compliant Data Leveraging With Mobile Edge Computing

However, it’s possible to send personalized push notifications suggesting in-app purchases without sharing user data to either 3rd-party advertisers or to a cloud messaging server. OpenBack’s hybrid mobile engagement platform uses machine learning and edge computing to process all user data at its source. This means that all data remains on the user’s device at all times… and stays 100% their property.

This enables your mobile came to be COPPA compliant (as well as compliant with other data privacy regulations, such as GDPR and HIPAA) by default. And, because no 3rd parties have access to your users’ data, there is no need to obtain parental consent to process it. It’s a win-win for everyone.

To learn more about how you can send data privacy regulation-compliant push notifications and in-app messages using OpenBack, get in touch with one of our experts.

To read more about how to use OpenBack to boost player retention and maximize revenues, download our Case Study: Dreamworks How To Train Your Dragon App, School of Dragons

Leave a Reply

Your email address will not be published.

fifteen − 11 =

Download our Mobile Marketing Playbook to perfect your user engagement game!


Translate »