In an exclusive interview former HTML5 Game Developer Evangelist and current Director of Game Developer Relations at AgeCheq Tyler Smith told 80.lv about a reliable way to make your games compatible with COPPA requirements.
In an exclusive interview former HTML5 Game Developer Evangelist and current Director of Game Developer Relations at AgeCheq Tyler Smith told 80.lv about the impressive features of this service. If you were looking for an easy and reliable way to make your games appropriate for children, search no more. The solution is here.
Could you tell us a bit about yourself and your role at the company?
I’m Tyler Smith, an HTML5 game development expert and a published author on the topic of mobile app development. I was previously an HTML5 Game Developer Evangelist at appMobi then at Intel. I joined AgeCheq last year. My main job at AgeCheq is to help game developers integrate with our API, create simple SDKs to ease customer implementation, and to help inform customers on how to make their games COPPA compliant. My official title is “Director of Game Developer Relations”.
agecheq_logo-80lv
AgeCheq has created a COPPA compliant ecosystem that streamlines all the facets of the COPPA law. Using AgeCheq allows developers to not have to worry about creating an infrastructure to display a disclosure form, verify a parent, get authorization for their app, allow parents to revoke permissions, etc. AgeCheq gives mobile app and websites developers an easy solution to a very complex and important issue; protecting children’s data.
Privacy is rapidly becoming one of the biggest problems for app users all over the world. How did COPPA help to solve this problem?
The Children’s Online Privacy Protection Act (COPPA) was originally passed in 1998 and was put into effect in 2000. The initial intent of COPPA was to detail what a website operator must include in a privacy policy, dictate when and how to seek verifiable consent from a guardian or parent, and define what responsibilities an operator has to protect children’s privacy and safety online.
The FTC updated the COPPA law in 2013 to protect children’s data that was being gobbled up by the new wave of mobile technology. COPPA has 6 main steps to be compliant:
1. Determine if your company is a website or online service that collects personal information from kids under 13
2. Post a privacy policy that complies with COPPA
3. Notify parents directly before collecting personal information from their kids
4. Get parents’ verifiable consent before collecting information from their kids
5. Honor parents’ ongoing rights with respect to information collected from their kids
6. Implement reasonable procedures to protect the security of kids’ personal information
AgeCheq helps developers and businesses comply with points 2-5.
Post a privacy policy that complies with COPPA
AgeCheq’s Solution: You may already have a privacy policy document. However, COPPA asks developers to tell parents specifically what Personally Identifiable Information (PII) your game or app collects in an easily readable format. AgeCheq can help with our database-driven layered privacy disclosure. See example below.
agecheq-80lv
Notify parents directly before collecting personal information from their kids
AgeCheq’s Solution: AgeCheq has created a feature rich dashboard that allows parents to view the developers database-driven layered privacy disclosure, watch a short video that’s auto-generated to explain exactly what PII the developer collects, and ultimately give developers verified parental consent to collect that PII.
The developers only have to invite parents to log into the parent dashboard located at parents.agecheq.com to approve the data collection before they collect any PII.
Get parents’ verifiable consent before collecting information from their kids
AgeCheq’s Solution: AgeCheq validates parents as defined by the COPPA law when they sign up for a parent dashboard account. This allows the parent to only verify their identity once with AgeCheq while being able to give verified parental consent for multiple applications. When they are shown AgeCheq’s layered privacy disclosure, an authorization button is under the policy for them to give their consent to the collection of data. After the parent approves the application, the developer can now collect data from the user.
How do we implement AgeCheq SDK into a game?
agecheq-80lv
AgeCheq has created many documents and videos explaining exactly how to integrate with our SDKs. You can find all the API information and SDK downloads with walkthrough videos and documents at documentation.agecheq.com.
AgeCheq’s API works through a series of REST calls, so almost every platform is able to integrate simply, even without an SDK.
Right now, AgeCheq has seven native platform SDKs; iOS, Android, HTML5, Unity, Corona, Cordova, and Windows Phone. We plan to release a Flash SDK in the upcoming weeks.
Any questions about our API or SDKs can be directed at info@agecheq.com.
What does AgeCheq actually do in the game? What kind of data does it gather, what does it do with this information?
How the user interacts with AgeCheq is completely dependent on how the developer integrates our API and what the target audience is of the app or game.
As an example, if you had a general audience game that may appeal to kids under 13, the developer could implement an age-gate. If a user identified themselves as under the age of 13, the developer would then call the AgeCheq API and get verified parental consent to collect data. If they are older than 13 you just let them play as usual.
agecheq-80lv
There are some great best practices documents at documentation.agecheq.com inform developers of the best way to implement AgeCheq and how to decide which category a game or app falls under according to COPPA.
When a developer integrates with our API, they simply call us before they collect any PII. We let the developer know if the user has gotten verified parental consent to allow the data collection. If the user hasn’t yet, the developer can let the user play without collecting any PII, let the user play with a limited experience, or simply block the user until the privacy disclosure has been authorized.
AgeCheq only collects a generated device ID for associating the user with the device. This allows multiple AgeCheq apps on the same device to recognize the device-registered. This eases friction for the user when they download another AgeCheq enabled application.
AgeCheq is designed for mobile apps, but is there a way to use it in Flash and PC-games? Is it necessary?
AgeCheq’s main focus has been mobile, but any platform that can execute REST commands can integrate with our API. We are currently finalizing our Flash SDK and it should be out in the next couple of weeks.
It may be necessary if the PC game is being played in a browser or is a download and collects any PII. If the game has to be purchased from a store with a credit card, then since a monetary transaction took place it is assumed the purchaser was older than 13 and a guardian has vetted the game.
What should we expect from privacy regulations in the future? Are they going to become harsher? Don’t you think that these regulations can sometimes hurt the whole game industry?
Privacy regulations change slowly. The FTC just commented on the Internet of things about its data collection. They pointed out that regulations at this stage of development would hurt a growing industry but stressed that data collection should be done in a way to protect customer’s privacy. The harshness of COPPA won’t be caused by an addition to the rule, but by a crackdown by the FTC to enforce the law more broadly.
Regulations are never perfect, and it’s very difficult for a governmental entity to completely understand an ever expanding and innovating industry such as mobile and gaming. This causes some growing pains for an industry that is being reigned in. That said, without these types of restrictions on data collection we fall into a very scary place where all private information is available for exploitation. Even worse, children who don’t fully understand the technology they are using become vulnerable to exposing all of their personal information to the world. So while regulations aren’t always written with full understanding of the industry, the intent and eventual effect of them benefit consumers and our privacy as a population.