Old COPPA, New COPPA“Get Out of Jail Free”500 Startups – MamaBear ConferencePresented by Shai SametMay 10, 2013CONFIDENTIA...
Basic COPPA equationCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION2personalinformation...
User acquisition costs(kidSAFE survey – Jan 2013)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT P...
Penalties for non-compliance• Up to $16,000 per violation• Over 20 FTC lawsuits and $8.4 million in fines since 2000• Rece...
Old COPPA vs. New COPPACONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
Key information and featuresregulated under new COPPACONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHO...
Photos, videos, audio files(SnapChat, Faces iMake illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE S...
Geolocation information(News-O-matic illustration)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT ...
Behavioral ads and social plugins(WebKinz, NeoPets illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE ...
Verifiable Parental ConsentCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
Current options for parental consentMethod Providers Limitations• Email Plus consentInternally-implemented• Requires paren...
CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION12Likelihood of industry adoption(kidSAF...
Penalties for non-compliance(just a reminder)• Up to $16,000 per violation• Over 20 FTC lawsuits and $8.4 million in fines...
Considerations for Startups and InvestorsCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
Scaling user growth(COPPA techniques and loopholes)• Anonymize child-directed features– Limit sign-up process to anonymous...
Parent-directed registration(StoryBots illustration)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOU...
Parent lock for social features(StoryBots, TocaBoca app illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NO...
Most viable revenue streams(under new COPPA)• E-commerce and retail (tied to compelling content or experience)– Virtual go...
Distribution ideas• Kid-directed platforms– Popular gaming portals (e.g., Miniclip)– Kids’ tablets (e.g., nabi, Kurio)– Ot...
CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION20About kidSAFE Seal Program• Leading sa...
Some of our customersWEBANDPCCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION21MOBILECol...
Questions?(happy to share the deck)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSIONUpcom...
Upcoming SlideShare
Loading in...5
×

Shai samet

1,173

Published on

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,173
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
10
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Shai samet

  1. 1. Old COPPA, New COPPA“Get Out of Jail Free”500 Startups – MamaBear ConferencePresented by Shai SametMay 10, 2013CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
  2. 2. Basic COPPA equationCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION2personalinformationcollected fromchild under 13via the web(site, app, tablet, etc.)Verifiable Parental Consent(plus other requirements)
  3. 3. User acquisition costs(kidSAFE survey – Jan 2013)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION3Companies polled: AOL, Fantage, Gaia Online, Highlights for Kids, Pearson, TBS, WebKinz, many others
  4. 4. Penalties for non-compliance• Up to $16,000 per violation• Over 20 FTC lawsuits and $8.4 million in fines since 2000• Recent fines for COPPA violations:– Path (app developer) – $800,000– Artist Arena (various music artist sites) – $1,000,000– RockYou (social game site) – $250,000– Disney’s Playdom (for violations by acquired company) – $3,000,000CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION4
  5. 5. Old COPPA vs. New COPPACONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
  6. 6. Key information and featuresregulated under new COPPACONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION6CONTACT INFOFirst and Last NameHome/mailing addressEmail addressPhone numbersSocial Security Number“personal information”SCREEN/USER NAME“personal” in some scenarios(email, AIM, Skype name, etc.)THIRD PARTY PLUG-INSIntegration with no VPCmeans strict liabilityGEOLOCATION“personal” unless location isnot detailed enoughBEHAVIORAL ADS/PROFILES“personal” if tracking acrossmultiple services & over timePHOTOS, VIDEOS, AUDIO“personal” if containsimage or voice of child
  7. 7. Photos, videos, audio files(SnapChat, Faces iMake illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION7temporary viewing by others = “collection/disclosure”faces alone (with no other PI) = VPC
  8. 8. Geolocation information(News-O-matic illustration)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION8Opt-in prompt not enough under new COPPAConsider coarse location or not uploading the data
  9. 9. Behavioral ads and social plugins(WebKinz, NeoPets illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION9Behavioral ads no more (contextual ads OK)FB Connect needs VPC (link to fan page OK)
  10. 10. Verifiable Parental ConsentCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
  11. 11. Current options for parental consentMethod Providers Limitations• Email Plus consentInternally-implemented• Requires parent to activate via email comm’s• Not sufficient if info will be shared/publicized• Signed consent form N/A• Manual• Requires access to printer and scanner/fax• Not mobile friendlyMonetary transactionPaymentprocessors• Requires credit card entry and payment• Payment via PayPal also sufficient• [Collection of iTunes password not sufficient]• Phone call or videoconferenceN/A• Manual• Requires live and trained personnel• Video-conference requires device with camera• Govt-issued ID Various• Requires sharing of highly-sensitive information• Not ideal for foreign usersCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION11
  12. 12. CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION12Likelihood of industry adoption(kidSAFE survey – Jan 2013)
  13. 13. Penalties for non-compliance(just a reminder)• Up to $16,000 per violation• Over 20 FTC lawsuits and $8.4 million in fines since 2000• Recent fines for COPPA violations:– Path (app developer) – $800,000– Artist Arena (various music artist sites) – $1,000,000– RockYou (social game site) – $250,000– Disney’s Playdom (for violations by acquired company) – $3,000,000CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION13
  14. 14. Considerations for Startups and InvestorsCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION
  15. 15. Scaling user growth(COPPA techniques and loopholes)• Anonymize child-directed features– Limit sign-up process to anonymous info (username, password, etc.)– For interactive features (chat, UGC), filter on the back-end to avoid upfront consent requirement– For mobile features (geo-location, photos), keep data local to the device (do not upload/share)– Utilize COPPA’s parental consent exceptions for other features• Direct your account sign-up process to older users (when allowed)– If kids under 13 not your “primary audience”, you can limit registration to users 13 and older– On sites/apps directed to preschoolers, collect registration info from parents/adults– Put behavioral ads and social plug-ins behind special parents section (or 13+ section)• When parental consent is required, use least burdensome method– Avoid collection of payment solely for consent purposes– Avoid collection of govt-issued ID (last 4 of SSN, driver’s license)– Consider email-based consent as first optionCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION15
  16. 16. Parent-directed registration(StoryBots illustration)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION16Messaging on the page and within data fields must be clearly directed to parents
  17. 17. Parent lock for social features(StoryBots, TocaBoca app illustrations)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION17Math problem before access to web or social sharing featuresSwipe to access parents section or apps for sale
  18. 18. Most viable revenue streams(under new COPPA)• E-commerce and retail (tied to compelling content or experience)– Virtual goods, subscriptions, premium content/features (e.g., Wizard 101)– Game/app downloads, in-app purchases (e.g., Minecraft, Toca Boca)– Tablets, toys, offline merchandise (e.g., Nabi, Skylanders, Moshi Monsters)– Brands/stories with TV or licensing potential• Contextual ads– Display, text, or video ads (all OK)– NOT behaviorally-targeted or retargeted ads• NOT models dependent heavily on social sharing/connections– Hard to scale with current COPPA restrictionsCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION18
  19. 19. Distribution ideas• Kid-directed platforms– Popular gaming portals (e.g., Miniclip)– Kids’ tablets (e.g., nabi, Kurio)– Other curated environments (e.g., Zui.com, Magic Desktop)• Schools– For properties with educational, nutritional, or creative utility (e.g., myNutratek, Minecraft)– Schools/teachers can provide consent in lieu of parents• Participation in kidSAFE– Get noticed by users visiting our site from other popular sites/properties– Reach our growing database of parentsCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION19
  20. 20. CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION20About kidSAFE Seal Program• Leading safety “seal of approval” program– Certifying kid-directed sites, apps, software, tablets, and other technologies – GLOBALLY– Over 100 seal holders since public launch in April 2012– Fast becoming the industry standard for “online safety”• kidSAFE+ membership offers full COPPA audit– Qualifiers receive prestigious kidSAFE+ Seal and many other benefits– Application for FTC approval coming soon• Business-friendly, responsive, and highly knowledgeable– Founder is former attorney and long-time COPPA expert• For more info, visit kidsafeseal.com or email shai@kidsafeseal.com
  21. 21. Some of our customersWEBANDPCCONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSION21MOBILECollectively, these few sites alone account for over 15M unique visitors a month in the US alone (Source: Compete.com)
  22. 22. Questions?(happy to share the deck)CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACYMUST NOT BE SHARED WITHOUT PERMISSIONUpcoming kidSAFE Webinar on COPPA – May 30, 2013(featuring open Q&A session with the FTC)REGISTER HERE

×