Developers of children’s apps need to be competitive. Any marketing budget must be spent with a view to achieving the best return on investment (ROI). Without the ability to perform attribution, developers may be reluctant to build dedicated children’s apps as monetization options are limited. Children at the same time deserve and have a right to experiences that do not impact their privacy rights.
This problem has been further compounded by Apple which announced that iOS14 would no longer support the collection and use of the IDFA (Identifier for Advertiser’s).
The regulatory requirements:
Privacy regulations prohibit profile building and tracking of children. In the US the COPPA does not allow for the collection and sharing of a persistent identifier to track children across the internet and build a profile of them without the highest level of consent, full verifiable parental consent.1 However, the GDPR2 and guidance from the European Union3 state profile building and automated decision making should not involve a child.
Singular built a privacy enhanced attribution service that can support developers and marketers without violating the regulations and impacting children’s privacy. A solution was also needed to ensure third party services, such as attribution, could operate without using the IDFA pending the release of iOS14.5.
Singular took its standard attribution solution and looked at ways to continue to provide the service without sharing personal information (PI). The standard solution sends a persistent identifier in what is called a post back to track the user that has downloaded and installed the app to the ad they came from.
Singular developed methods for attribution campaigns without sharing any personal information. The standard solution would send a persistent identifier in a postback to track the user who has installed the app back to the ad they came from. Singular developed a fully customizable postback system that enables advertisers to choose exactly which information to share, if at all.
The solution is compatible with Non Self Attributing Networks and it allows advertisers to disable postbacks from Singular altogether or send only non-PI postbacks ("yes/no" using a random ID). Some of these networks (especially gaming-oriented channels) can adequately function without these postbacks from Singular.
Singular shared its new solution with PRIVO for assessment to ensure that there was no risk of a child’s data being shared and that the solution met the following COPPA requirement:
Where an operator collects a persistent identifier and no other personal information and such identifier is used for the sole purpose of providing support for the internal operations of the Web site or online service. In such case, there also shall be no obligation to provide notice under §312.4; c.f.r 312.5 (7)
Where support for the internal operations of the Web site or online service means:
(1) Those activities necessary to: (i) Maintain or analyze the functioning of the Web site or online service; (ii) Perform network communications; (iii) Authenticate users of, or personalize the content on, the Web site or online service; (iv) Serve contextual advertising on the Web site or online service or cap the frequency of advertising; c.f.r 312.2
PRIVO also reviewed the solution for compliance with its GDPRkids™ Privacy Assured Program examining the controls in place to support customers with child directed apps to ensure they have a lawful basis for processing the identifiers collected.
Singular has implemented robust controls to ensure compliance including contractual agreements, audits and a rigorous training program for the Singular team.
PRIVO prepared a Privacy Risk and Compliance Assessment and a DPIA (Data Processing Impact Assessment) and determined that the solution posed little or no risk to children if the controls are implemented correctly.
Singular is an attribution and analytics solution app marketers use to view marketing performance and ROI. Singular supports marketers to measure campaign effectiveness by attributing app installs, revenue, and other conversions to an ad or marketing effort. It allows marketers to maximize the impact of their ad spend. Visit Singular's website to learn more about their services: https://www.singular.net/
PRIVO is an FTC approved COPPA Safe Harbor. COPPA stands for the Children’s Online Privacy Protection Act. PRIVO’s Kids Privacy Assured solution also includes GDPRkids™ and Student Digital Privacy Programs. The GDPR is the European Union’s General Data Protection Regulation.
*Case Study Originally Published September, 2021