Games that are dependent on a user’s geolocation data are often not playable until they can access the user’s personal information (geolocation), which under both COPPA and GDPR-K can’t be done without parental consent.
“COPPA covers the collection of geolocation information ‘sufficient’ to identify street name and name of city or town. One example where COPPA would be triggered is where an app takes the user’s longitude and latitude coordinates and translates them to a precise location on a map.”FTC
What if my game doesn’t store geolocation data?
In many cases, location-based games will not store the geolocation data they collect, instead, they process it in real-time. Even-so, this does not eliminate the requirement for verifiable parental consent (VPC):
“COPPA covers the collection of geolocation information, not just its use or disclosure.”FTC
The challenge has been how to get such verifiable parental consent. This has led some game developers to completely exclude kids while others have chosen to steer clear by focusing on other types of games that don’t need geolocation. This does not have to be the case…
Kids Web Services offers a VPC flow that allows the inclusion of kids in AR experiences by facilitating a COPPA-compliant process to obtain parental consent. In this guide, we’ll walk through exactly how you can utilise KWS to best effect when building AR location-based games.
Set up a KWS App
Follow these steps to set up your KWS app.
If you don’t already have access to a KWS environment; ask for a free sandbox.
Once you have set up your app, liaise with your implementation manager to hash out what other permissions are required alongside the geolocation permission.
How the permissions are described to the parent will be key to ensuring compliance and maximising conversion. Once the set-up process is complete, your implementation manager will add the permissions to your KWS App.
The User flow (kids)
Below is the flow that you should build using KWS:
Follow these steps to achieve the above flow:
- Age Gate
Identify which of your users are kids at sign-up. To achieve this, pass the user’s date of birth and their country to the Age Gate API. This API will return a flag that signals if the user is indeed defined as a ‘kid’ based on their age and country (e.g ‘isMinor’ = true).
- Kid registration
Now that you know which users are kids, direct them to a sign-up flow that is powered by KWS. Use the pre-built Single Sign On (SSO) view that you can trigger from within your app.
– Use this handy guide to define how your SSO view should function. Key to this is ensuring that the geolocation permission is requested as part of the sign-up flow (as it is essential to full gameplay).
– The SSO View is pre-built to collect the following information from the kid during sign up:
Kid’s username and password – both are used for authentication.
Kid’s display name – this is an anonymous display name that is visible to other users within your app. You may choose to turn this optional feature off if you don’t require it within your app.
Parent’s email address – KWS will use this to contact the parent whenever consent is required.
- Request parent permission
Once the registration process is complete, KWS will automatically send an email to the parent, letting them know that their child signed up to your app and that they require further permissions before using any location-based features. The parent may then choose to grant permission and go through the VPC process to verify their identity in accordance with data privacy laws.
- Check if permission is granted
Use the ‘Get User Profile’ API endpoint to periodically check what permissions the user has been granted by their parent. As soon as the geolocation permission is granted, allow the child to access location-based features.
Some best practices
Avoid completely blocking kids from accessing features that do not require the geolocation permission while they are waiting for their parent to grant them access. You can achieve this by building into your experience a limited gameplay feature or an interactive tutorial. We call this ‘progressive permissioning’ and it’s a great way to maximise engagement and conversion even when you have to obtain VPC before enabling full gameplay.
This will also avoid frustrating kids as it’s not uncommon for them to then ‘cheat the system’ by restarting the sign-up process and providing a false age.
Beyond this, giving the kid a glimpse of the experience increases the likelihood of them ‘nagging’ their parents for access to the features that lie behind permissions. This in itself drastically increases the conversion rate (the likelihood of parents granting that permission).
You’ve done it! Your app should now be accessible to the ever growing community of kid-gamers.