![Current options for parental consent
Method Providers Limitations
• Email Plus consent
Internally-
implemented
• Requires parent to activate via email comm’s
• Not sufficient if info will be shared/publicized
• Signed consent form N/A
• Manual
• Requires access to printer and scanner/fax
• Not mobile friendly
Monetary transaction
Payment
processors
• Requires credit card entry and payment
• Payment via PayPal also sufficient
• [Collection of iTunes password not sufficient]
• Phone call or video
conference
N/A
• Manual
• Requires live and trained personnel
• Video-conference requires device with camera
• Govt-issued ID Various
• Requires sharing of highly-sensitive information
• Not ideal for foreign users
CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY
MUST NOT BE SHARED WITHOUT PERMISSION
11](https://image.slidesharecdn.com/shaisamet-130509181756-phpapp02/85/Shai-samet-11-320.jpg)
Uploaded by500 Startups
Shai samet
This document discusses changes to the Children's Online Privacy Protection Act (COPPA) and strategies for companies to comply. It outlines what new types of personal information are regulated, such as geolocation, photos/videos, and behavioral advertising. Companies face fines for noncompliance. The document suggests techniques like anonymizing child data and directing sites to older users. It recommends parental email consent and avoiding ID collection. Contextual ads and e-commerce are highlighted as viable revenue models. Distribution through curated kids' platforms and schools is advised.
More Related Content
![Child online safety_gsma_2019[1] 3](https://cdn.slidesharecdn.com/ss_thumbnails/childonlinesafetygsma201913-190818155007-thumbnail.jpg?width=640&height=640&fit=bounds)
Shai samet
- 1. Old COPPA, NewCOPPA “Get Out of Jail Free” 500 Startups – MamaBear Conference Presented by Shai Samet May 10, 2013 CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION
- 2. Basic COPPA equation CONFIDENTIALAND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 2 personal information collected from child under 13 via the web (site, app, tablet, etc.) Verifiable Parental Consent (plus other requirements)
- 3. User acquisition costs (kidSAFEsurvey – Jan 2013) CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 3 Companies polled: AOL, Fantage, Gaia Online, Highlights for Kids, Pearson, TBS, WebKinz, many others
- 4. Penalties for non-compliance •Up to $16,000 per violation • Over 20 FTC lawsuits and $8.4 million in fines since 2000 • Recent fines for COPPA violations: – Path (app developer) – $800,000 – Artist Arena (various music artist sites) – $1,000,000 – RockYou (social game site) – $250,000 – Disney’s Playdom (for violations by acquired company) – $3,000,000 CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 4
- 5. Old COPPA vs.New COPPA CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION
- 6. Key information andfeatures regulated under new COPPA CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 6 CONTACT INFO First and Last Name Home/mailing address Email address Phone numbers Social Security Number “personal information” SCREEN/USER NAME “personal” in some scenarios (email, AIM, Skype name, etc.) THIRD PARTY PLUG-INS Integration with no VPC means strict liability GEOLOCATION “personal” unless location is not detailed enough BEHAVIORAL ADS/PROFILES “personal” if tracking across multiple services & over time PHOTOS, VIDEOS, AUDIO “personal” if contains image or voice of child
- 7. Photos, videos, audiofiles (SnapChat, Faces iMake illustrations) CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 7 temporary viewing by others = “collection/disclosure” faces alone (with no other PI) = VPC
- 8. Geolocation information (News-O-matic illustration) CONFIDENTIALAND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 8 Opt-in prompt not enough under new COPPA Consider coarse location or not uploading the data
- 9. Behavioral ads andsocial plugins (WebKinz, NeoPets illustrations) CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 9 Behavioral ads no more (contextual ads OK) FB Connect needs VPC (link to fan page OK)
- 10. Verifiable Parental Consent CONFIDENTIALAND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION
- 11. Current options forparental consent Method Providers Limitations • Email Plus consent Internally- implemented • Requires parent to activate via email comm’s • Not sufficient if info will be shared/publicized • Signed consent form N/A • Manual • Requires access to printer and scanner/fax • Not mobile friendly Monetary transaction Payment processors • Requires credit card entry and payment • Payment via PayPal also sufficient • [Collection of iTunes password not sufficient] • Phone call or video conference N/A • Manual • Requires live and trained personnel • Video-conference requires device with camera • Govt-issued ID Various • Requires sharing of highly-sensitive information • Not ideal for foreign users CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 11
- 12. CONFIDENTIAL AND PROPRIETARYTO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 12 Likelihood of industry adoption (kidSAFE survey – Jan 2013)
- 13. Penalties for non-compliance (justa reminder) • Up to $16,000 per violation • Over 20 FTC lawsuits and $8.4 million in fines since 2000 • Recent fines for COPPA violations: – Path (app developer) – $800,000 – Artist Arena (various music artist sites) – $1,000,000 – RockYou (social game site) – $250,000 – Disney’s Playdom (for violations by acquired company) – $3,000,000 CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 13
- 14. Considerations for Startupsand Investors CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION
- 15. Scaling user growth (COPPAtechniques and loopholes) • Anonymize child-directed features – Limit sign-up process to anonymous info (username, password, etc.) – For interactive features (chat, UGC), filter on the back-end to avoid upfront consent requirement – For mobile features (geo-location, photos), keep data local to the device (do not upload/share) – Utilize COPPA’s parental consent exceptions for other features • Direct your account sign-up process to older users (when allowed) – If kids under 13 not your “primary audience”, you can limit registration to users 13 and older – On sites/apps directed to preschoolers, collect registration info from parents/adults – Put behavioral ads and social plug-ins behind special parents section (or 13+ section) • When parental consent is required, use least burdensome method – Avoid collection of payment solely for consent purposes – Avoid collection of govt-issued ID (last 4 of SSN, driver’s license) – Consider email-based consent as first option CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 15
- 16. Parent-directed registration (StoryBots illustration) CONFIDENTIALAND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 16 Messaging on the page and within data fields must be clearly directed to parents
- 17. Parent lock forsocial features (StoryBots, TocaBoca app illustrations) CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 17 Math problem before access to web or social sharing features Swipe to access parents section or apps for sale
- 18. Most viable revenuestreams (under new COPPA) • E-commerce and retail (tied to compelling content or experience) – Virtual goods, subscriptions, premium content/features (e.g., Wizard 101) – Game/app downloads, in-app purchases (e.g., Minecraft, Toca Boca) – Tablets, toys, offline merchandise (e.g., Nabi, Skylanders, Moshi Monsters) – Brands/stories with TV or licensing potential • Contextual ads – Display, text, or video ads (all OK) – NOT behaviorally-targeted or retargeted ads • NOT models dependent heavily on social sharing/connections – Hard to scale with current COPPA restrictions CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 18
- 19. Distribution ideas • Kid-directedplatforms – Popular gaming portals (e.g., Miniclip) – Kids’ tablets (e.g., nabi, Kurio) – Other curated environments (e.g., Zui.com, Magic Desktop) • Schools – For properties with educational, nutritional, or creative utility (e.g., myNutratek, Minecraft) – Schools/teachers can provide consent in lieu of parents • Participation in kidSAFE – Get noticed by users visiting our site from other popular sites/properties – Reach our growing database of parents CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 19
- 20. CONFIDENTIAL AND PROPRIETARYTO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 20 About kidSAFE Seal Program • Leading safety “seal of approval” program – Certifying kid-directed sites, apps, software, tablets, and other technologies – GLOBALLY – Over 100 seal holders since public launch in April 2012 – Fast becoming the industry standard for “online safety” • kidSAFE+ membership offers full COPPA audit – Qualifiers receive prestigious kidSAFE+ Seal and many other benefits – Application for FTC approval coming soon • Business-friendly, responsive, and highly knowledgeable – Founder is former attorney and long-time COPPA expert • For more info, visit kidsafeseal.com or email shai@kidsafeseal.com
- 21. Some of ourcustomers WEBANDPC CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION 21 MOBILE Collectively, these few sites alone account for over 15M unique visitors a month in the US alone (Source: Compete.com)
- 22. Questions? (happy to sharethe deck) CONFIDENTIAL AND PROPRIETARY TO SAMET PRIVACY MUST NOT BE SHARED WITHOUT PERMISSION Upcoming kidSAFE Webinar on COPPA – May 30, 2013 (featuring open Q&A session with the FTC) REGISTER HERE