Two years ago we launched Kids Web Services (KWS), a platform to help developers build COPPA-compliant apps and sites for the under-13 audience. As similar data privacy laws have expanded into Europe, building engagement for the kids audience has become a challenge which many brands, content owners and game developers hadn’t planned for.
One of the most challenging elements of building for kids is authentication. Under COPPA in the US and now GDPR-K in Europe (which makes the age of a child 16 in Germany, France, Italy and Netherlands), there are specific user workflows and parental consents required for a profile/registration/personalisation system in any kids service. Behind the scenes, KWS has become the platform of choice for many developers to power this functionality (and several other elements), abstracting away all of the legal complexity and allowing them to focus on the user experience.
Here are some of the lessons we’ve seen developers go through as they build kid-safe functionality for their services;
- What you lose in conversion, you gain in engagement
Although COPPA and GDPR-K create an overhead for under-13 authentication, verified kids have a much higher engagement level for your service compared to the alternative approach of avoiding any data collection or content personalisation. We have seen many of our developers achieve 10-30 times higher engagement time with under-13 users who go through a full parental consent funnel.
- Authentication for kids apps requires twice the work you think
In any buy versus build engineering decision, bear in mind that COPPA-compliant authentication requires two user flows – kids and parents. This can more than double development effort, since the kids user flow only requires authentication, but the parental user flow needs to include both authentication and permissions management.
- Most developers forget about parents (Pt 1)
A successful conversion funnel for kids requires it to be equally engaging for the parents. There are two approaches here;
- Making the locked content sufficiently compelling for the child to drag the parent to their screen and ask for permission to be granted!
- Ensuring all parent-facing content (notifications, landing pages etc) is concise and interesting.
- Mid-conversion retention for kids is often overlooked
Conversion is only half the battle, a not uncommon scenario is when kids drop off in between asking for and receiving parental permission for consent. Using progressive permissions in your game/app design (and compliant) push notifications are key to retention for this window.
- Many developers don’t realise that regular push notifications aren’t COPPA compliant
They aren’t (unless parental consent in place)!
- Developers forget about parents (Pt 2)
The potential of parental engagement is often underestimated. For developers who plan to do any kind of marketing of their apps or services, this parental exposure can decrease marketing costs and boost your UA performance.
- The maintenance cost of an internal COPPA authentication solution is high
This is another buy versus build consideration. COPPA and GDPR-K registration and parental consent flows are a series of moving goalposts. What might seem straightforward to build internally at the outset almost certainly doesn’t consider the ongoing legal and technical maintenance e.g. emerging rules within GDPR-K, emerging laws in countries (e.g. China). The downside isn’t just down-time, it’s increasingly large fines.
- Analytics and error tracking is harder in kids services
Many analytics and error tracking solutions capture IP addresses, user agents and other elements which aren’t COPPA or GDPR-K compliant. However the tracking is often invisible to developers e.g. IP is typically collected on third-party’s servers, and third-parties don’t show everything they collect on the dashboard. This requires careful due diligence on your third party providers.
- You can’t trust social plugins
If you’re using a regular social plugin as a substitute for user engagement (e.g. embedded YouTube video players etc), it’s likely you’re in breach of both COPPA and GDPR-K, as virtually all of them fire trackers with every page load. It’s a common design mistake, particularly for developers who are building for the kids audience for the first time.
- Check your own adult design bias
Are you building for kids, or your idea of kids? Any developer who says they’re building a product for ‘kids aged 3-13’ is doing the latter. There are at least three specific audiences within that bracket, and the very best way to get an eight year old to ignore your app is to put the world ‘kids’ in the title. Need an example? Show us a kid over the age of 7 who’s voluntarily using YouTube Kids instead of regular YouTube!
With more kidtech tools now available, it’s becoming easier to develop services for under-13 users which are fully compliant and highly functional. As kids become an ever-greater digital force, the reward for getting it right grows daily.
Josh is one of the most experienced kidtech architects on the planet and, unusually, is generally loved by both developers and lawyers.
Follow Josh on Twitter.