Websites, apps, games and connected devices, all considered “online services”, that are directed to or attract children, often assume they know their audience. Think again! What may appear to be clear is not always the case.
In the world of COPPA, child directed services come in two flavors. Primary child directed and mixed audience. Primary child directed means children from preschool age up to the age of and including 12 years old. Mixed audience may have the majority of users 13 and older but attracts some younger users. This means the service can take a different approach to children. Understanding mixed audience isn’t as simple as it sounds, so get it right for success and avoid a violation and an investigation by the FTC or a SAG.
Child Directed Primary Audience Overview
Where children are the primary audience, it is necessary to assume that all users are children. In these circumstances an age gate is not appropriate or compliant. If the service requires consent for the child to use it or has a registration and account creation then collect a parent email address from the child to notify the parent and seek consent.
If there is content for a parent on a primary child directed service include a clearly directed parent section where you can address the grown-ups. If the online service is for parents and there are COPPA triggers such as interest-based ads or remarketing then don’t make this your entry point for children.
Ecommerce sites and services are considered general audience. This will change if you embed a shop in a child directed site and allow children to browse, create wish lists, create a shopping cart and ability to share their wish list with family, all of which is perfectly possible but must be done compliantly. A parent could authorize a child to make purchases but this requires a simplified and streamlined permission process, such as the PRIVO iD Platform. This will also help avoid drop off and support conversion.
If you begin to track users across your brand (sites and apps) to serve recommendations based their activity you trigger COPPA. Therefore it is vital to engage the parent and seek consent which in turn builds lifetime value and engagement both of which lead to revenue generation. At the same time the brand is protected from the damage caused by a violation and the child has a safer and privacy enhanced experience building trust and loyalty with the parent.
Child Directed Mixed Audience Overview
A mixed audience must be justified. Do you know your composite audience figures? How many children and older users do you have? If the majority of your users are 13 and older but you attract a percentage of younger users then it is possible to use a mixed audience age gate to screen younger users and provide a restricted and compliant experience or to seek parent consent for them to use the unrestricted version.
Children cannot be blocked from a mixed audience site, app or online service using an age gate. Age gates were introduced by the FTC as a mechanism for services where children are not the primary audience to accommodate them.
Measures must be put in place to ensure the age can be freely entered and there is no language that signals to a child that if they were older, they would have a better experience. The gate must be neutral. It is also vital to ensure the child cannot circumvent the age gate. If they enter a DoB 12 and under drop a cookie to prevent them changing it in that session or keep the it “frozen” for a period of time. If an app employs a mixed audience age gate don’t allow the child to change the birth year once entered.
Many services that use a mixed audience age gate have no way to age up their users that turn 13, this is not a good user experience or good for business. There are ways to collect the age or a marker of age and then allow the user to access the appropriate experience once they reach 13 under COPPA or the age of consent under the EU’s General Data Protection Regulation. Seek guidance on how to do this and don’t lose your user base, undermine your business or prevent a child from accessing the full experience once they are old enough.
Note: App store parent gates are not compliant age gates – beware and seek guidance.
There are ways to achieve business needs safely for children and compliantly for COPPA and other child privacy regulations. Do your research, work with a compliance partner and safe harbor such as PRIVO to see engagement and business grow.
This blog was originally posted on September 14, 2016 and was updated on July 30, 2019.