While Filament is an educational video game developer that makes games for players of all ages, we are often hired to make games for young players who are either playing educational video games at school during class time or at home. In fact, Filament has experience launching and maintaining 30+ child-directed mobile apps and over a hundred child-directed web apps. In doing so, we have developed significant knowledge about how to make video games that comply with the Children’s Online Privacy Protection Act (COPPA).
COPPA is a law that imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. If you are making a video game for this age group, you’ll want to design your game in a way that ensures you are in compliance.
This may sound obvious but I’ll say it anyway. The best way to comply with COPPA is to simply not collect personal identifiable information (PII) from any user regardless of whether or not you put in technical safeguards to prevent children from submitting this information on their own. COPPA is the responsibility of the owner of the game, not the player, and today’s kids are savvy enough to get around your technical safeguards. Common parental gate solutions are also a low barrier. On top of that, limiting collection of any user or device information is important to prevent de-anonymization and limit the value of the concentrated data store to attackers.
There are some cases that warrant collecting limited amounts of PII for this age group so that we can implement certain features. For example, we may want our players to use identities within our apps for leaderboards, multiplayer, or cross-platform persistence. In these cases, a sound approach we use is to integrate with trusted identity providers (IdPs) such as Google Accounts and carefully limit what profile data we persist in game-related servers. For analytics, we default to using Google Analytics with IP anonymization and data retention limits.
Need more advice on how to design educational video games that comply with COPPA? Feel free to reach out!