coppa

We’ve posted about the update to Apple’s App Review Guidelines, which brought some big changes for developers who create apps directed to children aged 13 years and younger. These changes are due to the fact that COPPA (the Children’s Online Privacy Protection Act, dating back to 1998) has been out in a revised version since July 2013.

This post highlights some of the things you need to think about when you want to add your app to Apple’s App Store: a) Apple’s App Store Review Guidelines, b) COPPA in general, c) what counts as personal information, and d) iubenda’s help.

I’d like to stress that iubenda is doing everything possible or reasonable to help developers and designers like you become compliant with privacy regulations, but using iubenda is not always enough to cover everything you have to do or, sometimes, must not do. This applies to your apps and COPPA.

Apple App Store and COPPA

As reported, Apple has updated their terms for their App Store admission and added the following regarding children under 13 years of age:

17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age

17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, persistent identifiers, the ability to chat, or other personal data) from a minor must comply with applicable children’s privacy statutes.

24.1. Apps primarily intended for use by kids under 13 must include a privacy policy.

24.2. Apps primarily intended for use by kids under 13 may not include behavioral advertising (e.g. the advertiser may not serve ads based on the user’s activity within the App), and any contextual ads presented in the App must be appropriate for kids.

24.3. Apps primarily intended for use by kids under 13 must get parental permission or use a parental gate before allowing the user to link out of the app or engage in commerce.

24.4. Apps in the Kids Category must be made specifically for kids ages 5 and under, ages 6-8, or ages 9-11.

24.1 means that you need to include a privacy policy at all costs when you develop your app primarily for children under the age of 13, regardless of whether you actually collect personal data from these children.

Notice how Apple wants you to pick the age range? Make sure you follow all of Apple’s and COPPA’s requirements.

What else are you supposed to do, or not do at all?

COPPA Rules in General

There are some general rules you need to follow when you are covered by COPPA (quoted from the FTC COPPA FAQ):

  1. Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
  3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
  4. Provide parents access to their child’s personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;
  6. Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  7. Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

What is personal information in COPPA 2013?

Another change that COPPA brings in its 2013 form is the broader definition of “personal information”. Until now the term “personal information” included such categories as first and last name, a home or physical address, an email address, a phone number etc. The amended Rule defines personal information to include:

  • First and last name;
  • A home or other physical address including street name and name of a city or town;
  • Online contact information;
  • A screen or user name that functions as online contact information;
  • A telephone number;
  • A social security number;
  • A persistent identifier that can be used to recognize a user over time and across different websites or online services;
  • A photograph, video, or audio file, where such file contains a child’s image or voice;
  • Geolocation information sufficient to identify street name and name of a city or town; or
  • Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described above.

If you collect any of the information above, COPPA applies to your app. Don’t forget, however, that even if you don’t collect any personal information, you are still required to say so in a privacy policy according to Apple’s new app acceptance requirements.

iubenda and COPPA

iubenda has worked the information you have to provide parents with into a clause we call “The Service is directed to children under the age of 13”. Add that clause to your privacy policy. While iubenda helps you craft beautiful and meaningful privacy policies, you need to understand that this isn’t the end of the path to compliance. There are a few things that only you can do, such as the following (the source was a mailing to companies that made apps for children):

  • You must give notice and get parental consent for personal information collected on your applications from third parties, such as ad networks, unless an exception applies.
  • You must take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
  • You must meet new data retention and deletion requirements.

If you have any questions, we are happy to take them and they will be addressed in our upcoming, more helpful guide. If not, feel free to go ahead and generate your app’s privacy policy with us.
