Smartphones and tablets were firmly in the realm of science fiction when the original Children's Online Privacy Protection Act was drawn up in 1998.
But that doesn't mean the US law doesn't apply to companies who do business in the now-booming mobile space.
Quite the opposite, in fact, and there are some pretty hefty fines - $16,000 per affected child - for those who don't comply with COPPA's guidelines.
We caught up with Roy Smith from COPPA compliance ecosystem outfit AgeCheq to find out what COPPA compliance means to mobile developers and publishers and what steps they'll need to take to avoid fines.
Pocket Gamer: COPPA has some major implications for the mobile industry. What's the most important thing for a developer to know about the federal law?
Roy Smith: It's difficult to pick "the most important" aspect of the recently updated COPPA law - which we call "COPPA 2.0".
COPPA 1.0 went into effect 13 years ago and was directed at web sites. The 2013 update is directed squarely at today's mobile game industry and as a whole, they are unaware of its potential impact on their business.
In my opinion, anyone who is professionally involved in the mobile game industry should educate themselves about COPPA 2.0 and consider how the law will affect them.
The penalty for not complying with COPPA 2.0 is draconian: the FTC can levy a fine of up to $16,000 per child, which could easily put many game developers out of business.
COPPA was enacted while Bill Clinton was still in office, so why is it becoming such a hot button issue for developers now?
The original COPPA was put in place to cover web sites, and in the 13 years since it was enacted, many web site owners have been fined for privacy infractions. The largest fine was $3 million dollars to Playdom, a Disney subsidiary.
In 2009, as smartphones and tablets overtook desktops and laptops as the primary mode of entertainment for children, bringing with them an entirely new set of privacy invading technology, Congress drafted and approved a far-reaching update to the original COPPA law.
The new law was approved in December 2012 and it went into effect on July 1, 2013.
The reason why the new COPPA is a hot button for developers now is that it is a standing law that mandates complex new requirements for app and game developers.
Violation of the law can lead to massive fines. Very few games comply with the law at present, and experience with the original COPPA law suggests that the FTC is going to be aggressive in prosecuting companies that do not comply with COPPA 2.0.
Many developers and publishers have been lax about adopting COPPA's standards. What's in store for those who don't follow the guidelines?
The FTC has its own enforcement group that tests games in the market for compliance, and in addition, any parent who feels their child's privacy has been breached without their knowledge and approval can lodge a complaint with the FTC which can trigger an investigation.
The developer will be required to delete any personally identifiable information (PII) that it captured on underage users, and so will any third party service the app used.
Since most modern games and apps use many third-party services like ad networks, analytics services, push messaging services, in-app purchase services, gamification badge and leaderboard services, user retention and engagement optimization services, finding and deleting the private data captured by third parties could be expensive.
Beyond all that, the FTC typically requires violators to submit to annual privacy audits for many years (20, in the case of Facebook).
We do not think that ignoring COPPA is a viable option for any professional game or app developer whose audience could include children under 13. The penalty for failure to comply is very stringent, and could possibly put a game developer out of business.
What steps can a developer take to make sure they're COPPA compliant?
Understand the many intricate details of COPPA compliance for your mobile game; meet with your developers to find out exactly what PII each of your games captures, stores, and provides to third parties.
Most developers think they don't capture PII and thus are not subject to COPPA 2.0, but updates to the law broadened the definition of PII to include device IDs, email addresses, GPS location, and any user generated content such as screen names, avatars, photos, and video.
Most modern mobile games and apps capture some form of PII and are subject to COPPA 2.0.
How can AgeCheq help developers stay on the happy side of COPPA compliance?
To explain what AgeCheq handles for the developer, it's helpful to first paint a picture of the developer's new responsibilities under COPPA 2.0.
As written, the law requires them to have a complex relationship with every parent or guardian of a child before the child downloads the app onto their device.
The law says that the developer must positively identify the parent, and must then show the parent a complete and accurate disclosure of all the PII that the game captures, stores, or provides to third parties.
At that point, the parent must take a positive action (clicking on an "I accept" button), to allow the child to download and use the game.
But wait, there's more! After the parent approves and the child is using the app, if any aspect of the game's PII strategy changes, the developer must again show the disclosure to the parent for their approval.
If the parent approves, all is still fine, but if the parent decides to "revoke consent", the developer must stop the child from using the app, delete all data collected on the child, and inform all third party APIs that the game used to delete the data that was captured on the child.
From the developer's perspective, AgeCheq handles positive parental ID and all required parental disclosure, permission and revocation activity. AgeCheq frees the developer from having to create and test their own systems to handle COPPA compliance activity with the parent.
From the parent's perspective, AgeCheq provides an easily understood, single-sign-on dashboard that presents privacy disclosures, and makes it quick and easy to approve games for their children. Once their account is set up, authorizing new apps for their child takes under a minute.
AgeCheq is offered free of charge to game developers and to parents. SDKs are available for iOS, Android and HTML5.
AgeCheq is described as being platform-agnostic, so are there any privacy challenges unique to iOS, Android, or Windows Phone?
No. From the COPPA perspective, each of the platforms is identical.
At present, we do not support Windows Phone, but if there is demand we could do so.
Will complying with COPPA's guidelines affect a developer's ability to monetise efficiently?
Once the initial effort of getting a positive parental ID and creating a parental account has been undertaken, the entire process of game discovery, installation and use is mostly unchanged; from that perspective, COPPA does not have much of a negative effect.
The parent's duties in complying with COPPA involve creating an account with a positive ID, registering their child's devices and then approving their child's use of each new game as it comes down the pike. However, we believe that some parents will not make the necessary effort to hold up their end of the COPPA law, and as a result their children will drop out of the market.
Developers who implement compliance systems that reduce parental friction to the minimum will be viewed favorably in the market as compared to those who create their own. If every developer "rolls their own", parents will quickly tire of repeatedly proving their identity and navigating multiple dashboards to manage their children's digital privacy.
AgeCheq has designed a number of innovative features into our product to reduce the losses brought on by this "friction", but complying with COPPA definitely adds complexity.
We believe that just like optimized monetization and well-designed game flow, COPPA compliance presents quality developers with an opportunity to further distance themselves from their competition.
You can find out about the services AgeCheq offers via its website.