Creating Apps for Kids What It Means to be COPPA Compliant

A cute little interface and amazing content is often thought to be the right recipe for a killer app for kids. No doubt these are the main ingredients, but in order to have an app that’ll truly make it in the long run, a developer must be very thoughtful regarding the app’s monetization strategy AND genuine kid-friendliness - not only in interface and content - but also in respect to data, ads, third parties, and security.

So what does it take to create a kid-friendly app? In addition to great content, anyone creating products for kids must follow COPPA specifications. Through creating KIDOZ, the leading content platform for kids, I have worked with developers and device makers to provide great products for kids. So what factors do developers have to keep in mind when creating products for kids?

Parental consent can be a conversion killer; in accordance with COPPA, in order to store kids’ personal information developers need to get parental consent. An extra step is required if information is shared with third parties, this can be carried out by calling parents for approval or requiring them to pay for the service by credit card. Requiring this extra step can drop conversions and usage dramatically. 

To create a smoother experience for kids, design your product in a way that doesn’t collect any personal information, or only collects a small amount of information that is necessary.

Even if you build a product that is compliant, nearly every app uses a third party service, including analytics tools, and monetization components, such as ad network SDKs, or social plug ins. If the third party services you integrate with are not COPPA compliant, and collect or share kids’ personal information, your app will be held accountable. 

For example, nearly all ad networks keep the device ID of users, this information is considered personal information, and should not be collected in accordance with COPPA, especially if it will be used for targeted advertising.

I chatted with Shai Samet, the founder of kidSAFE, an independent program that provides safety and COPPA certification designed for kid-friendly technologies, apps, and websites. Shai is the legal expert on COPPA; he helps the industry abide by privacy laws for kids, and ensures there are great digital resources for children. We discussed how developers can ensure they are following regulations when creating products for kids.

Gai: In regards to COPPA, what are the main things developers should keep in mind when planning on creating an app?

Shai: COPPA compliance has to be built in from the very beginning stages of app development and design. Otherwise, you’ll find yourself having to make big adjustments later on, when it is often too costly or too late to make change (i.e., Apple is about to approve and feature your app).  

Developers need to know and plan for five key things: 

(1) Is the data they want to collect inside their app covered under COPPA.

(2) Are the features they wish to offer covered under COPPA.

(3) Which third party SDKs can they integrate without running afoul of COPPA.

(4) When should they be using a parental gate (such as a math equation) versus an age screen mechanism (such as a date of birth question).

(5) How should they develop and implement a COPPA-compliant privacy policy.

Gai: What are the key features of COPPA that pertain to mobile apps? 

Shai: The features inside of mobile apps that are most affected by COPPA are push notifications, social sharing plug-ins, third party SDKs, and ad networks. Just last month (December 2015), the Federal Trade Commission finally brought its first COPPA enforcement case against app developers for allowing targeted advertising within their apps. 

The developers paid the price - $360,000 worth. COPPA also affects the collection and uploading of other types of data such as photos, videos, precise geolocation, and some account registration data.  But these other data elements are not as commonplace or desirable as push notifications, plug-ins, and ad networks.   

Gai: What is the practical meaning of being COPPA compliant? 

Shai: More than anything, it means being able to secure more business with potential partners and licensees/licensors, as most big brands/companies today won’t work with you if they can’t confirm that you are fully COPPA compliant. Being COPPA compliant also means mitigating the threat of a lawsuit from the FTC, State Attorneys General, and possibly others.  And with the average COPPA fine, historically, being in the neighborhood of more than $400,000, this is no laughing matter.       

With COPPA in mind and the right tools, developers can focus on creating the best products for kids. As the FTC fining of LAI Systems and Retro Dreamer showed in December, app developers must take the time to understand the legal implications of making products for kids, and can no longer afford to ignore COPPA compliance. By ensuring we are following regulations, we are all creating a safe digital environment where kids can learn and grow.