Kids, privacy and mobile games: ESRB moves to limit risks

Mobile developers serving U.S. markets looking to remain compliant with the U.S. Federal Trade Commission's recently Children's Online Privacy Protection Act (COPPA) revisions, which go into effect July 1st, now have an extra hand in privacy certification via the Entertainment Software Rating Board. The ESRB's Privacy Certified program, which exists to assess privacy risks and offer solutions for developers working on COPPA-compliant games and apps, has been expanded to provide additional services for mobile properties, including individualized privacy risk assessment, consultations, compliance monitoring, and -- central to COPPA -- solutions for implementing verifiable parental consent checks on users under the age of 13. "Achieving compliance with requirements like COPPA can be complicated, particularly for rapidly evolving platforms like mobile," says ESRB Privacy Certified vice president Dona Fraser, in conjunction with the announcement [PDF]. "By extending our services beyond website operators to include mobile app developers as well, we are helping to ensure that their products provide a trustworthy environment for user interaction and information sharing." Children-targeted mobile games have recently come under scrutiny by various regulatory bodies, chiefly concerning in-app purchases. Apple recently followed through on a settlement in a suit which alleged iOS apps such as Smurfs Village were facilitating hundreds of dollars in unauthorized purchases. While the revised COPPA Rule does not target IAPs specifically, the revisions do seek to close several privacy-related loopholes, such as barring apps from obtaining the user's personal information through third-party plugins, and limiting the amount of real-world data apps can collect from under-13 users.