ESRB Privacy Certified’s Post

Useful & practical guidance on how to design & develop games which respect children’s privacy from the Nordic DPAs. 👶🏼👧🏽 Some practical tips: 🎮 Fairness in processing personal data: Consider your specific audience. Children are not a homogenous group. 🎮 Transparency: Consider putting in place a separate privacy notice for children, in addition to one for parents & legal guardians. 🎮 Data Minimisation: Switch off by default for in-game settings interfering with the child’s privacy and data protection rights. In the context of games: avoid tracking of geographic location, access to contacts, voice recording, synchronization with social media, etc. unless fundamentally necessary for the purpose(s) of playing that specific game. 🎮 Accountability: Consider how to document the details of the design choices and the security measures you have put in place to guarantee compliance with the GDPR and be prepared to demonstrate their effectiveness. #privacyfridays

Exciting news from the world of online gaming privacy compliance! 🎮🔒 k-ID is pioneering a platform to streamline children's privacy compliance for developers, aligning with the growing emphasis on safeguarding children's personal data amid complex global regulations. Key highlights: ☑ Industry Impact: k-ID's technology platform addresses the unique challenges of protecting children's privacy in the online gaming sector. ☑ Financial Backing: With USD 5.4 million in funding secured last year, k-ID is poised to enhance its platform and resources. ☑ Global Compliance: The platform offers tailored solutions to comply with diverse data privacy regulations in over 200 markets worldwide, ensuring age-appropriate gaming experiences. ☑ Expert Leadership: Led by seasoned professionals, k-ID brings a wealth of experience to the table, including expertise from Tencent, Google, and Meta. ☑ Family Platform: Empowering parents, k-ID's Family Platform simplifies parental controls, allowing them to manage their child's online gaming experience effortlessly. This innovative platform is reshaping the landscape of online gaming privacy compliance, making it easier for developers to navigate regulatory requirements while prioritizing children's privacy and safety. Stay tuned for more updates! #PrivacyCompliance #OnlineGaming #ChildrensPrivacy #Gaming #Privacy #Data https://lnkd.in/gFgzVN5w

Microsoft will pay $20 million to settle charges that it violated the COPPA when it collected children’s data without parental consent and retained that data. It will also be required to boost its children’s privacy practices. The claim arose from Microsoft’s poor privacy practices relating to its Xbox gaming system. Microsoft’s sign-up process asked users to provide their email address, name, date of birth and, prior to late 2021, their phone number. Despite some users flagging that they were children under 13, Microsoft collected and retained this information without requesting parental consent. Under the settlement order, Microsoft will also be required to: 👉 Provide additional notices to parents who have not created a separate account for their child that doing so will provide privacy protections for their child/ren under 13 by default; 👉 Obtain parental consent for accounts created before May 2021 (where the user is still a child today); 👉 Establish and implement compliant data retention and deletion processes for children’s data. 👉 Implement systems that notify publishers when disclosed information relates to a child and that require publishers to apply COPPA protections. Interestingly, the order also clarifies that avatars generated from a child’s image fall under the COPPA. Read more about the FTC's enforcement priority focusing on COPPA: https://buff.ly/3XPGyIZ

If others are engaging in wrongdoing, refrain from following their lead. Remember, if they end up in a difficult situation, you might find yourself there alongside them. Let me share a story from my past. I was in the 7th grade, and we were having a naat competition. Bringing notes onto the stage was prohibited, but I had a fear of forgetting my lines. I observed another student bringing a note to the stage, relying on it to recite. Approaching my teacher, I pointed to the student and asked, 'Could I bring my own note too?' After a thoughtful pause, she nodded her approval. Curious about the outcome? I secured the 4th position, solely due to that piece of paper. Interestingly, the students I emulated didn't secure any position either. The principal approached me, remarking, 'Asif, you could have clinched victory in the competition had you adhered to the rules.' That day left an indelible lesson with me: avoid following the crowd, especially when you know they're engaged in misconduct, even if they seem to be evading consequences. #LearningInProgress #RulesOfSuccess #EthicalChoices #CompetitionExperience #LearningFromMistakes #FollowingRules #PersonalGrowth #SuccessJourney #Individuality #PositiveLesson #AdheringToGuidelines #StandingOut

On line regulation in UK is becoming much more rigorous and will take child protection on the internet to new levels - the article below is a great explanation of the implications. TrustElevate.com Dr Rachel O'Connell #gambling #ageverification #childageverification #privacy #gaming #edtech #streaming https://lnkd.in/dQwTm4-n

Our world-leading Children’s code means young people are better protected online than they’ve ever been. Bringing in the code has led to changes by social media platforms, gaming websites and streaming services, which now need to provide better privacy protections for children. Websites and products affected by the code need to provide additional layers of protection for children’s data. This might involve restricting or removing certain features to children if they’re under 18. Some of the things you might see are: • privacy settings being automatically set to very high; • children and their parents/carers being given more control of the privacy settings; • non-essential location tracking being switched off; • children no longer being ‘nudged’ by sites through notifications to lower their privacy settings; and • clearer and more accessible tools being in place to help children exercise their data protection rights (including parental consent tools). UK Information Commissioner, John Edwards, was in Cambridge to talk to industry, academia and regulators from across Europe to make sure that progress continues. Read more about the code: https://lnkd.in/eSHXHpzG

Sharing a few highlights from Mark's conversation with Kevin McLaughlin about the ever-evolving realm of data collection and privacy. Watch the short video to learn the evolving challenges of GA4 transition, iOS 14, and the nuanced dynamics of Facebook's tracking capabilities amidst privacy regulations. #coldsmokecreative #shopifyplus #shopifypluspartner

The California Attorney General is doing an enforcement sweep of streaming services! Specifically, they’re checking whether sell/share opt-out mechanisms are easy enough for consumers to use. Below are some specific examples that the Attorney General’s office will be looking for: ▶ Consumers with a SmartTV should be able to navigate to the settings menu in a streaming service’s mobile app and enable the service’s “Do Not Sell My Personal Information” setting. ▶ Consumers should be able to have this choice honored across different devices if they’re logged into their account when they send their opt-out request. ▶ Consumers should be able to easily find a streaming service’s privacy policy that explains their privacy rights. Any company that works with consumers, especially across devices, can benefit from reviewing this guidance and watching how this enforcement continues. Read more in the press release: https://lnkd.in/g_guWF_Q #privacy #optout #ccpa 

Another #CCPA #settlement: The focus this time is on the failure to get proper consent for selling #children's personal information. [There are also unfair competition and COPPA claims!] For those counting at home, each CCPA settlement has involved a sale component. Tilting Point Media allegedly marketed a SpongeBob game to children without getting parental consent (for minors under 13) or valid consent from the data subject (for minors 13 to 16) before selling/sharing personal information. The company deployed an age-screening tool that discouraged users from providing their true age. Even if a user entered their true age, their data was sold or shared without consent because Tilting Point misconfigured SDKs in way that ignored consent requirements. Key Takeaways ❗ Use unbiased age screens (e.g., avoid default setting as adult) ❗ Configure SDKs properly and audit them ❗ Disclose selling/sharing practices in privacy policy ❗ Assess whether you sell/share minors' PI (liability attaches for "willful disregard" -- no actual knowledge requirement) ❗ Address deficiencies identified by self-regulatory bodies (or others) Legal Background ✳ The CCPA requires consent before selling or sharing PI on minors (people under 16). ✳ Parental consent is required if the child is under 13, while the minor can consent if they are 13 to 16 years old). Allegations ▶ Tilting Point sells and shares data on users of its game. ▶ Tilting Point's terms said users under 13 were not permitted to use the game, but the company knew children were using the service. ▶ In September 2022, a self-regulatory body told Tilting Point that it was failing to obtain verifiable consent before disclosing minors' data. ▶ The same group told Tilting Point it was using an ineffective screening tool for identifying minors: The game asked users to enter their birthdate, but the year defaulted to 1953. ▶ The defective screening tool encouraged users to enter the wrong age, which likely directed users to a version of the game where their data was sold/shared without consent. ▶ Even if users entered their true age, Tilting Point misconfigured SDKs in a way that resulted in the sale/sharing of minors' data without consent. ▶ The company failed to adequately audit and review its SDK usage to ensure CCPA compliance. ▶ Tilting Point's privacy policy was unclear on whether it sold/shared minors' personal information. Settlement 🛠 Comply with the CCPA ⏰ Provide just-in time notice covering consent for sales/sharing ✏ Update privacy policy to discuss sales/sharing, including details of such processing via SDKs 👶 Deploy unbiased age screening tool (i.e., no default above 16, avoid suggesting features unavailable based on answers, and note accuracy is important) 🔧 Adopt framework for reviewing SDK deployment 🔎 Share reports with AG on compliance measures 💲 Pay $500,000 fine

Big changes are coming to children's online privacy! 🤔 For over 25 years, COPPA has been our shield for children's online privacy. Now, with new updates proposed by the FTC, it's evolving to better protect our kids in today's digital age. What's new? COPPA 2.0 aims to extend protections to teens, ban targeted ads, and introduce an "eraser button" for personal data deletion. These changes come as part of a broader effort to keep up with the rapid advancements in technology and the unique privacy challenges faced by young users. States like Maryland are leading the way with age-appropriate design codes, while federal legislation like the American Privacy Rights Act seeks to create a comprehensive framework for youth privacy. The road ahead is complex, but one thing is clear: our commitment to safeguarding the online experiences of kids and teens is stronger than ever. Stay informed and engaged as we navigate these important changes. #PrivacyMatters #COPPA #DigitalSafety #TeenPrivacy #DataProtection #TechUpdates