Violating the Children's Online Privacy Protection Act (COPPA) can be very expensive. In 2014, the Federal Trade Commission (FTC) has already collected over $60 million in fines. One accidental infraction can be enough to put many app publishers out of business. The FTC has recently ramped up its crackdown on app publishers who are not compliant.
So in this post, we will show you what you can do to avoid being slapped with a huge fine. This is especially important if you have an app that is for children. If you are not familiar with COPPA, we will start with a brief introduction.
COPPA was created to protect the identities of children under 13. The original version of COPPA was created in 1998, long before mobile apps ever existed. It originally applied to websites, but the 2013 update extended the policy to mobile apps.
The bottom line is that your app cannot collect personal information from children under 13, without parental consent. Personal information is defined as:
First and last name
Online contact information
A photo, video or audio that contains a child's image or voice
Social security number
A screen or user name that functions as contact information
Geolocation information, including a physical address, street name and city or town
Any information collected from the child about the child's parents, along with one of the identifiers above
If you are trying to make your app as frictionless as possible and disregarding COPPA violations, then you are setting yourself up for trouble. Here are five tips that can help keep you out of hot water with the FTC.
A simple age verification screen is usually enough if your app is not targeted at children. By asking for date of birth, you can easily reject users that are under the age of 13. Keep in mind that asking for a user's age directly is a COPPA violation.
In apps that are for children, parental gates can help to ensure that kids have permission to access to paid features, external links and other settings. This is a good example of how the Justin's World app prevents children from accessing the app's settings.
One option is not to collect any information from your users. This obviously won't work for all apps. But if your app is simple, you might consider it.
Carefully review if you really do need to collect personal information. Sometimes you get away with using anonymous data, without sacrificing functionality.
If you do need to collect personal information, you should keep as little as possible. This includes not asking for too much information during signup and deleting information that you no longer have use for.
In addition, if your app needs parental consent to use personal information, consider deleting all account information if a parent doesn't verify the account in a certain amount of time. This will reduce your liability and your database size.
Another place where a child could possibly reveal personal information is in your app's support area. For younger children, a parental gate is usually enough to restrict access to support.
But for older children, consider making support as self-help as possible. A well-documented FAQ section can go a long way to reducing the need for users to contact you directly.
Implementing anonymous in-app messaging and metadata filtering are other ways that you can keep personal information out of your support system. Review the options and see which one works best for you.
If you have any doubts as to if your app is COPPA compliant or not, don't hesitate to get a professional opinion. Laws can change without notice, so also be sure that you have the most up-to-date information. You can also email the FTC questions directly at: CoppaHotLine@ftc.gov
Even if your app doesn't target children, you still need to be careful with the information you collect. A few underage users can cost you a lot of money in fines.
To find out more, you can read the FTC's document on best practices for marketing your mobile app. It contains COPPA information and general app marketing guidelines that you should be following. The COPPA Frequently Asked Questions page also provides excellent information on COPPA compliance.
Photo: Child and iPad, by Brad Flickinger via Flickr CC