COPPA Compliance/Launch Pad

I’ve been looking at all the related posts and blogs and I think I may just be missing something…

We have an app that previously did not include leaderboards and now we wish to enable Corona’s launchpad so that users can sign into Game Center and Google Play games.

In drafting a revision of our privacy policy, I’ve included links back to each company’s terms of service (both requiring users to be 13 to sign in)… the question I have then is this:

If users under the age of 13 are “playing offline”, are we still compliant even though launchpad is enabled, and if not, how do others account for this?

Any help is much appreciated!

Dan Yosua

Yosuatreegames LLC

http://coronalabs.com/blog/2013/05/16/update-on-corona-and-coppa-privacy-policies/(1)

http://business.ftc.gov/documents/alt046-childrens-online-privacy-protection-rule-not-just-kids-sites (2)

I would think it’s accurate to say that we are marketing to a general audience (2), and have covered our own bases (we don’t knowingly collect data on our website, in our app, nor do our third parties from those under 13 and we’ve reflected what does get collected in our privacy policy). 

The exception would be our uncertainty about corona’s launchpad analytics.

My thought process after reading much of the material available is that since the only info collected is the following…

• Device type and OS
• An app identifier – this is a string that identifies the Corona app. It does not include any end user info.
• App session time and lengths – this is data on the end user’s usage of the app, but not any personal info.
• IP address – this is the IP address related to the user’s phone connection to the Internet
• Hashed/anonymized MAC address – this is an identifier of the end user’s device

…and none of it can be tied back to an individual child, nor is it telling of their age, I would then think it’d be safe to assume that (using the language from reference 2) we wouldn’t have “actual knowledge” of any person’s age by looking at this data. And thus not in violation of COPPA.

Any more thoughts on the issue, particularly from any staff member savvy in this area, would be awesome.

Thanks!

http://coronalabs.com/blog/2013/05/16/update-on-corona-and-coppa-privacy-policies/(1)

http://business.ftc.gov/documents/alt046-childrens-online-privacy-protection-rule-not-just-kids-sites (2)

I would think it’s accurate to say that we are marketing to a general audience (2), and have covered our own bases (we don’t knowingly collect data on our website, in our app, nor do our third parties from those under 13 and we’ve reflected what does get collected in our privacy policy). 

The exception would be our uncertainty about corona’s launchpad analytics.

My thought process after reading much of the material available is that since the only info collected is the following…

• Device type and OS
• An app identifier – this is a string that identifies the Corona app. It does not include any end user info.
• App session time and lengths – this is data on the end user’s usage of the app, but not any personal info.
• IP address – this is the IP address related to the user’s phone connection to the Internet
• Hashed/anonymized MAC address – this is an identifier of the end user’s device

…and none of it can be tied back to an individual child, nor is it telling of their age, I would then think it’d be safe to assume that (using the language from reference 2) we wouldn’t have “actual knowledge” of any person’s age by looking at this data. And thus not in violation of COPPA.

Any more thoughts on the issue, particularly from any staff member savvy in this area, would be awesome.

Thanks!

So with actual changes now in 2015 related to COPPA at Google and Apple… what’s about Corona analytics, APIs, Plugins (like Flurry for example). Is there anything to have an eye on regarding the development of apps for kids?

I’ve read about the apps from BabyBus which were all removed by Google because an API was somehow collecting GPS data. (Read here: http://www.gamasutra.com/blogs/RoySmith/20150106/233634/Apple_and_Google_Finally_Get_Serious_About_COPPA.php?elq=f608931e95fd4d2499c22e6c5a07785a&elqCampaignId=11921 )

Can something like this happen with Corona and some third party plugins?

Any help and info on this welcome!

Hi Daniela,

Please check out this blog post. It’s a little old, but everything inside still applies.

http://coronalabs.com/blog/2013/05/16/update-on-corona-and-coppa-privacy-policies/

Thanks,

Brent

Thx for the link Brent!

Is it still necessary to set launchPad = false ? Hasn’t the Corona data collection service been shut down?

I would leave the launchPad = false in as a safety.

Rob

So with actual changes now in 2015 related to COPPA at Google and Apple… what’s about Corona analytics, APIs, Plugins (like Flurry for example). Is there anything to have an eye on regarding the development of apps for kids?

I’ve read about the apps from BabyBus which were all removed by Google because an API was somehow collecting GPS data. (Read here: http://www.gamasutra.com/blogs/RoySmith/20150106/233634/Apple_and_Google_Finally_Get_Serious_About_COPPA.php?elq=f608931e95fd4d2499c22e6c5a07785a&elqCampaignId=11921 )

Can something like this happen with Corona and some third party plugins?

Any help and info on this welcome!

Hi Daniela,

Please check out this blog post. It’s a little old, but everything inside still applies.

http://coronalabs.com/blog/2013/05/16/update-on-corona-and-coppa-privacy-policies/

Thanks,

Brent

Thx for the link Brent!

Is it still necessary to set launchPad = false ? Hasn’t the Corona data collection service been shut down?

I would leave the launchPad = false in as a safety.

Rob