5 Ways Your Kids’ App Can Protect Users’ Digital Data Privacy
At OpenBack, we are dedicated to normalizing a safer, more responsible method of data processing in the mobile engagement industry. This is even more important for kids’ apps, which have an even greater responsibility to protect their users’ data privacy. While most countries have regulations in place to control how children’s digital data is processed and what parties have access to it, the rules can be slightly different regionally. If you put in minimal effort and only pay lip service to the letter of the law, you will ultimately slip up. The repercussions for misuse of kids’ digital data can be hefty, both in terms of fines from government bodies such as the FTC and in terms of losing the trust of your users and their parents. This can even result in your app no longer being listed on app stores.
Ultimately, the best way to ensure your mobile app is compliant with COPPA, GDPR-K and other local kids’ data privacy laws is to build ethical, transparent data usage into your app from the very beginning. If you’re not sure where to begin for that, read below for our checklist of 5 must-haves for a kids’ app to protect the data privacy of its users.
Do Your Data Privacy Due Diligence: Does Your Kids’ App Target Users Younger Than 13 Years Old?
When it comes to data privacy, there are 2 regulations that specifically deal with how to treat the digital data of children: COPPA and GDPR-K. Since GDPR-K is a subsection of the more inclusive GDPR, we will focus on the FTC’s COPPA regulation for this blog post.
COPPA (short for the Children’s Online Privacy Protection Act) covers any apps or websites whose user base is primarily minors younger than 13 years of age. The onus is on the mobile app to make itself a safe environment for kids, if that is the audience it’s specifically aimed at. This can cause problems when an app or website is aimed at a mixed-audience user base. For example, YouTube has tried to shirk COPPA liability by putting the responsibility on individual content creators to flag any content directed at children.
99% of the time, an app should know the age range of its targeted market. For apps or mobile games with a crossover market, you will have to consider whether your aesthetic is specifically targeting children. For example, Mexican games development studio Hyperbeard was fined for violating COPPA, as their use of bright colors and cute cartoon characters was considered to be overtly appealing to kids.
Only Track Data That’s Necessary for the Utility of Your App
The way we collect and process data is constantly in flux. Before the Cambridge Analytica scandal, the mobile app and engagement industry was a feeding frenzy of selling user data to 3rd-party advertisers. Now, app users are a lot more savvy about the risks and potential of data breaches. And there is a push among both apps and operating systems to give users more control over and insight into what happens to their data.
In the spirit of Apple’s iOS 14.5 update, which introduces App Tracking Transparency where users have to consent to the app having access to their online activity, your best bet is to only track the data you need to improve app UX. In short, tracking data to provide personalized liveops or push notifications for your kids’ app: yes. Tracking data to sell it to 3rd-party advertisers: no.
Use OpenBack’s Default Data Privacy Mode to Ensure User Data Stays on the Device
COPPA requires kids’ apps to gain the consent of their users’ parents or guardians before tracking data. Even if your app only uses that data to personalize push notifications and in-app messages, this can be a stumbling block for COPPA compliance, because traditional push SDKs process user data in 3rd-party cloud servers (APNs for iOS and Google Firebase for Android).
With OpenBack’s data privacy mode, you can elect to process data directly on the user’s device. This means you can send users highly personalized push notifications without sending their personal data to 3rd-party cloud servers. And because the data never leaves the device and remains the user’s property, there is no need to request parental consent.
The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the site or service (or, after listing all such operators, provide the contact information for one that will handle all inquiries from parents);
A description of what information the operator collects from children, including whether the operator enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information; and
That the parent can review or have deleted the child’s personal information and refuse to permit its further collection or use. You must also state the procedures for doing so.
Apply for a Kid-Safe Certification/Seal
Once you’re confident you’ve done all you can to ensure your kids’ app respects its users’ data privacy, you can apply for a certification that your app is appropriate for kids. This is a good way to demonstrate to parents that you have done your due diligence with regard to protecting their children’s data from misuse by 3rd parties.
There are various certification programs you can enroll in, such as Kidaware or kidSAFE. Certifications such as these can be an excellent way to show parents and regulatory bodies that you have good intentions and are dedicated to keeping your users’ data safe from misuse.
To learn more about how OpenBack’s data privacy mode can help your kids’ app be COPPA compliant, reach out to one of our experts for more information.