Video Game Group Unveils Mobile Privacy Certification Plan

ESRB revamps program to comply with new children's laws

Just in time for the updates of the Children's Online Privacy Protection (Coppa) law to go into effect, the group that manages privacy self-regulation for the video game industry has expanded its program to cover mobile apps and help companies comply with the Federal Trade Commission's new rules.

The Entertainment Software Rating Board is comprised of about 25 participating companies covering thousands of domains. The ESRB has been working on the mobile counterpart to  its self-regulatory program for the past nine months in anticipation of the updates to the children's privacy laws, which go into effect July 1.

"Privacy protection is an imperative, especially when kids are involved. But achieving compliance with requirements like Coppa can be complicated, particularly for rapidly evolving platforms like mobile," said Dona Fraser, vp of ESRB Privacy Certified (the name of the program). Companies that comply with ESRB Privacy Certified are allowed to display a seal on the game's privacy policy signifying that the mobile app complies with mobile privacy standards and best practices.

The biggest challenge was figuring out how to obtain parental consent on a mobile device without forcing users to wait 24 hours. To solve the problem, ESRB turned to Veratad, which provides real-time age and identity verification.

ESRB also created a short-form privacy notice that links to a longer notice.

Another challenge was dealing with the expanded definition of personal information to include photos and videos.

ESRB is in the process of granting some mobile certifications to its members. It is also waiting for the FTC to grant ESRB's mobile privacy program safe harbor status, which essentially confers FTC blessing by proxy.

Since the ESRB's online program was the second to receive safe harbor status from the FTC for Coppa, Fraser isn't worried. "I don't anticipate not receiving it," Fraser said.