COPPA: CHILDREN'S PRIVACY, YOUR GAME, AND THE CHANGING ONLINE LANDSCAPE MONA IBRAHIM SENIOR ASSOCIATE INTERACTIVE ENTERTAINMENT LAW GROUP

Slides:



Advertisements
Similar presentations
FERPA - Sharing Student Information
Advertisements

Family Educational Rights and Privacy Act (FERPA) Basics For Faculty and Staff.
Protection of privacy for all Students!
PRIVACY CONSIDERATIONS Privacy for Children Under 13 1 February 2013.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
NAU HIPAA Awareness Training
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Family Educational Rights and Privacy Act What you need to know...
Protect Yourself from Your Customer Kristin A. Stedman, AAP Senior Vice President Education Services 1 © 2014 TACHA. All Rights Reserved.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
FARMINGTON AREA PUBLIC SCHOOLS SUMMER TECHNOLOGY ACADEMY AUGUST 18TH, 2010 Web 2.0 Tools.
Motor Fuels IFTA/Intrastate E-File
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.
Per Anders Eriksson
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
“Internet” and “Operator” (COPPA Statute) InternetOperator Collectively the myriad of computer and telecommunications facilities, including equipment.
FERPA Family Educational Rights and Privacy Act and Rebecca Macon Registrar University of Georgia Presentation for GASFAA October.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
HIPAA PRIVACY AND SECURITY AWARENESS.
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Acceptable Use Policies, Online Safety, and Photo Permission Forms Elizabeth White Tara Dykes Julie Howe.
Virtual Business CREATING A WEB PRESENCE Copyright © Texas Education Agency, All rights reserved.
Social Media Safety Manchester Township Middle School Guidance Department
Canada’s Anti Spam Legislation. What is CASL? CASL was intended to combat negative online behaviour  spam  phishing  malware  spyware  It will create.
Federal Trade Commission required to issue and enforce regulations concerning children’s online privacy. Initial COPPA Rule effective April 21, 2000;
Students in our 5 th grade classrooms are going to receive their own iPad to use during the school day. This allows for even more opportunities for creativity,
1 Department of Veterans Affairs Debt Management Center (DMC) School Tuition Debt Payment Procedures Nicole Haselberger Julie Lawrence.
Public Records Overview and Case Update: September 11, 2015 presentation Patricia Gleason Special Counsel for Open Government.
2006 SISO Executive Conference Legal Issues in Using Mailing Lists: The CAN-SPAM ACT The Junk Fax Prevention Act The National Do Not Call Registry.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Available from BankersOnline.com/tools 1 FACT ACT RED FLAG GUIDELINES.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
How to Use Online Registration – Student Quick Reference Guide This quick reference guide contains step by step instructions on how to: 1.Register online.
CYBERLAW Cyberlaw Meets Family Law: The Children’s Online Privacy Protection Act of 1998 (COPPA) Class of Nov. 11, 2002 Professor Susanna Fischer.
Confidentiality A Training Without the Video. Laws FERPA (1976) or the Buckley Amendment (1994) IDEA (1991) KY Safe Schools (1998)
Acceptable Use Policy By: Ashley Crehan Jessica Harmon Emily Edwards.
A REVIEW OF THE NPSD’S ACCEPTABLE USE POLICIES AND ADMINISTRATIVE REGULATIONS JUNE 17 TH & 20 TH TEACHER IN-SERVICE The Acceptable Use of Technology 1.
A REVIEW OF THE NPSD’S ACCEPTABLE USE POLICIES AND ADMINISTRATIVE REGULATIONS JUNE 17 TH & 20 TH TEACHER IN-SERVICE The Acceptable Use of Technology 1.
Sharing Information (FERPA) FY07 REMS Initial Grantee Meeting December 5, 2007, San Diego, CA U.S. Department of Education, Office of Safe and Drug-Free.
Your Rights! An overview of Special Education Laws Presented by: The Individual Needs Department.
TASFAA 2016 Legacy of Leadership. TASFAA 2016 Legacy of Leadership Family Educational Rights and Privacy Act (FERPA) An Overview Molly Thompson Associate.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Data protection—training materials [Name and details of speaker]
4. Select Student Services & Financial Aid Menu and Click on Online Registration menu How to Use Online Registration – Student Quick Reference Guide This.
The Apple Privacy Policy zakiya mitchell
Facebook privacy policy
The Acceptable Use of Technology
Silicon Valley Apps for Kids: COPPA BASICS
10 Patient Confidentiality and HIPAA
"Our vision is to be earth's most customer-centric company; to build a place where people can come to find and discover anything they might want to buy.
Final Amended COPPA Rule
Shavonne Henry, Nikia Clarke, David Heymann, Brandon Knight
A Parent Guide to creating a student (under 13) Apple ID
Red Flags Rule An Introduction County College of Morris
Current Privacy Issues That May Affect Your Credit Union
Spencer County Public Schools Responsible Use Policy for Technology and Related Devices Spencer County Public Schools has access to and use of the Internet.
General Data Protection Regulations
Health Care: Privacy in a Digital Age
GDPR (General Data Protection Regulation)
Membership/Post Processing - Process Membership
Online Safety: Rights and Responsibilities
Colorado “Protections For Consumer Data Privacy” Law
Jadu XForms Professional
Presentation transcript:

COPPA: CHILDREN'S PRIVACY, YOUR GAME, AND THE CHANGING ONLINE LANDSCAPE MONA IBRAHIM SENIOR ASSOCIATE INTERACTIVE ENTERTAINMENT LAW GROUP

WHAT IS COPPA? Children Online Privacy Protection Act of 1998 Effective since the year 2000 Enforced by the Federal Trade Commission (FTC) Designed with consumer protection in mind Grants parents control over the information collected from children online

WHAT COPPA IS NOT Not a censorship measure– does not regulate website content or limit the information that can be collected through a website or online service; Not grounds for a private cause of action– only the federal government can enforce COPPA; Not designed to capture online predators, nor is it a crime fighting tool Not international law

ELEMENTS OF COPPA: WHO MUST COMPLY You must comply with COPPA notification and data protection/disposal regulations if: You run a website or online service that: Collects “personal information”, allows other third parties (apps and plug ins) to collect personal information, or you are the third party; Is directed towards children under the age of 13; or Is directed towards a general audience, but you have actual knowledge that you collect information from the under 13 demographic

ELEMENTS OF COPPA: WHAT IS AN ONLINE SERVICE? Websites and online services include mobile apps and game platforms with online components; Plug-ins Ad networks

ELEMENTS OF COPPA: DIRECTED TO A YOUNGER AUDIENCE No hard and fast guidelines to determine whether a game or website is “directed to children under the age of 13”; Factors taken into consideration include Use of animation/cartoons Nature of the content Child-oriented activities Age of models Presence of child celebrities or characters/celebrities that appeal to kids

ELEMENTS OF COPPA: PERSONAL INFORMATION If you collect any of the following end user information you may need to comply with COPPA: Full name Home or other physical address, phone number, social security number Screen name or user name that enables direct contact with the user (via VOIP, , IM, direct message) Photos, videos, or audio files containing a child’s image or voice Geolocation information Persistent identifiers– cookies, IP addresses, processor or device number or identifier

ELEMENTS OF COPPA: “COLLECTION” != STORAGE “request”, “prompt” or “encourage” the submission of information– submission need not be mandatory (e.g., “sharing” functions) Passive online tracking Enables information to become public, unless measures are taken to remove personally identifying information before content is published

DEVELOPER CHECKLIST: DO I FALL UNDER COPPA REGULATION? Ask yourself this: Are your games directed towards a younger audience? Do you collect user information through your website or ask users to create a username/account/profile? Are other service providers, such as ad networks, web hosts, plug in or add on providers, able to collect information through your website/game? If your game is designed for an older/general audience, do you ask age oriented questions– date of birth, highest level of education achieved, etc.

FAILURE TO COMPLY: PENALTIES FTC enforcement actions; Parents, competitors, etc. can submit complaint to FTC for investigation; Can be enforced by both states and other federal agencies; Penalty fees: up to $16,000 per violation; COPPA can apply to foreign entities if you distribute your game to US audiences

DEVELOPER’S CHECKLIST: IF COPPA APPLIES Check your documentation! EULA TOS/Privacy Policy (website, forums) NDAs Employee handbook Confidentiality policies Non-competes Vendor agreements

COPPA COP-OUT: ESRB SAFE HARBOR FTC has granted “safe harbor” status to ESRB privacy certified sites and products; Sites and service providers protected by a safe harbor are subject to far less scrutiny; For more information:

WHAT DOES COPPA COMPLIANCE LOOK LIKE? Your privacy policy should include: List of all third parties and operators that may collect information through your site/game; Description of the personal information collected and how it’s used; Description of parental rights Your privacy policy should NOT include: Promotional materials and unrelated information; Contradictory or confusing language; “legalese”

PARENTAL RIGHTS If you fall under COPPA regulation you MUST tell parents the following: You won’t require children to provide any information that is not strictly necessary; They can review the information collected and ask you to delete it, or refuse to permit further collection; They can permit use for the designated purpose, but may prohibit you from sharing that information with third parties; Procedures to follow to exercise rights

PARENTAL RIGHTS: PROCEDURES Notification should happen BEFORE information is collected; Notification must be DIRECT– via is standard. You can’t just send them a link to the privacy policy; Make sure you’re actually communicating with a parent or guardian What the notice to parents includes depends on why you’re contacting them. COPPA covers four contingencies: You’re collecting a child’s information; You’re voluntarily contacting parents concerning child’s online activities that do not involve information collection; You’re contacting the child through child’s online contact information, but you are not otherwise collecting information; and You’re collecting the child’s information for the child’s own safety and is not used for any other purpose

PARENTAL RIGHTS: NOTICE Notice should include (generally): Statement that parent’s contact information has been collected from the child and why; Statement that parental consent is required before you will collect child’s information; Identify the personal information that will be collected from child if parent consents; Link to your privacy policy State the means of verifiable consent permitted; If consent isn’t given in a reasonable amount of time, parent contact information will be deleted

PARENTAL RIGHTS: VERIFIABLE CONSENT Acceptable methods: sign a consent form and send it back to you via fax, mail, or electronic scan; use a credit card, debit card, or other online payment system that provides notification of each separate transaction to the account holder; call a toll-free number staffed by trained personnel; connect to trained personnel via a video conference; or provide a copy of a form of government issued ID that you check against a database, as long as you delete the identification from your records when you finish the verification process.

PARENTAL RIGHTS: PLUS Sometimes game developers only collect personal information for internal purposes– bug fixes, customer support, etc. If this is the case you have more flexibility re: compliance and verifiable consent. plus: Request consent via , if consent is granted to must follow up with a call, letter or at a later time. In all cases parents must be given the option to: Change/delete personal information; Revoke consent

AGE SCREENING Rated “E” for Everyone a good example of when age screening may be relevant; If your game or website qualifies as “directed to children” you cannot use age screening to bar children under 13 from playing the game/using the site; Age screening must take place before any other personally identifiable information is collected.

THIRD PARTIES: ADS AND PLUG INS If implementing ads, third party apps, or plug ins in your game/site: You must know what information they will collect; If they collect personal information you must disclose this activity in YOUR privacy policy You must provide a list of third party operators collecting personal information; You may have a single entity/individual handle inquiries on behalf of all operators

THE 2013 AMENDMENT What changed? Expansion of “personal information”: Screen names, user names, or account creation that enables direct messaging to the child; Photographs, video, audio; Geolocation; “identifiers” such as cookies, mobile device IDs, IP addresses. Clarifies role of “age-screening” Increases methods for obtaining verifiable consent Increases number of exceptions from parental consent requirements Holds websites and service providers responsible for third party collection and sharing activities Regulates data storage and deletion

INFORMATION COLLECTION BEST PRACTICES Only collect information you actually need; Frequently review third party operator collection activities– due diligence here is a must; Make sure third parties have the ability (and warrant that ability) to keep information confidential and secure; Only keep information for as long as you need it; Securely dispose of information once you’re able to get rid of it; Make sure your employees and contractors are aware of their obligations under COPPA

QUESTIONS? Skype: MonaAIbrahim