Online Gaming Parental Consent
What is Online Gaming Parental Consent?
Online gaming has become a widespread phenomenon in the US since the early 2000s, bringing kids, teenagers, and adults into video game interactions that go far beyond their homes. The ability of children to access and play online games on computers, laptops, tablets and mobile phones has led to many concerns about such access. These concerns are a part of the reason for the passing of a federal law known as the Children's Online Privacy Protection Act (COPPA) back in 2000.
Parental consent is typically a necessary condition for children to access and use most online features and sites, including online gaming platforms and gaming apps. Regulations such as COPPA were created to ensure that online gaming companies and other online businesses properly gain consent from and provide notifications to parents and legal guardians when a child’s personally identifiable information (PII) could potentially be granted to a third party. COPPA was designed to specifically protect the data of children who are under 13 years of age, but each state has their own age ranges in which parental consent for gaming and other online activities must be sought by the online companies providing the services for children to enjoy.
What Do Parents Consent to Exactly?
Online gaming tends to gather information about the users of their gaming platforms, as well as pay-to-play features and other gaming content that can be purchased with a parent’s credit information. For these reasons, parents and legal guardians should know precisely what they are consenting to when they allow their children to play online games.
- That the parents can analyze a child’s personal information, instruct the online business to delete already gathered information, and they can halt any future information collection activity that involves the child
- That the parent can consent to the collection and disposal of their child’s data but can still deny third parties access to such information unless the access is a necessary part of the service (for instance, a social networking site might work with third parties and may certain information in some circumstances)
- That the business will only have the child disclose the minimum information necessary for them to partake in a given online activity that the gaming or online site provider maintains
- The specific means by which the parents can exercise their privacy and data rights.
Online gaming businesses must provide parents with "direct notice" of their specific information gathering procedures before they collect any information from children. Any changes to the information collection procedures that parents already consented to will necessitate that an updated direct notice be given to parents to review and to consent to it. Both of these direct notice” rules are stipulated by COPPA.
The direct notice should be readily comprehensible and should be free of vague or confounding information. Before children can play the majority of online games and engage in many other online activities, their parents must be made aware of and consent to these direct notices. Direct notices must inform parents of the following:
- That for the child to participate in a company’s online game(s), the company must gather some personal information from them
- What the business plans to do with the gathered information, and how that information may be disclosed to third parties or external vendors
- That the consent from the parent is a necessary condition for any further information collection, use, and disclosure to other parties
- That the business gathered the parent’s online contact information merely to request their consent
- The precise process of how parents can grant (or deny) their consent
- A statement that if the parent does not provide consent within a fair amount of time, the business will erase the parent’s contact information from their online records.
Methods for Gaining Parental Consent
COPPA doesn’t demand any particular way for parents to grant their consent to businesses who plan to disclose, collect, or use personal information from children. The regulation only requires that the method for gaining such consent must be technologically sophisticated enough to make certain that the individual granting consent to the information collection and use is the actual parent.
Online gaming service providers can request parental consent in a variety of ways, including:
- Having the parent answer a set of challenge questions that only the parent could reasonably be expected to know
- Requiring the parent to provide two separate forms of photo ID, which can then be compared to one another with facial recognition software
- Asking the parent to provide a credit/debit card or another online payment method that can notify the account holder of each transaction that occurs from the game
- Requiring account authentication information on gaming consoles, where the parent is typically the master account holder
- Requesting that the parent provides a copy of an ID issued by a government that can be checked against a geographical database, with the caveat that the ID must be erased from the business’s records once the parental verification process is complete.
Preventing Parental Consent Fraud
Online gaming parental consent has steadily improved over the years thanks to the conscientiousness of concerned parents and the generally positive culture of customer support in the gaming industry. To prevent parental consent fraud, it’s important for parents to be proactive with monitoring their child’s online gaming activities. Appropriate online boundaries should be discussed with children so that they do not inadvertently consent to information being collected or used that the parent would not have allowed. Parents should stay informed of the latest ways for them to give and deny consent when it comes to information being gathered and possibly disclosed that concerns their children.
Ready for the next step?
Ensure that every solution you use is safe, secure and compliant with ever-changing GDPR, PSD2 and other personal data standards and regulations. Our authentication solutions take care of that for you.