Teenage kid in his room playing a game on his laptop.

For Kids & Gaming

Protect your business by protecting kids’ privacy

COPPA and the growing list of state laws: we have your privacy practices covered.

Privacy Matters

Kids apps — not just  fun and games

While creating engaging kids' apps, developers cannot overlook the importance of user privacy.

As everyone is becoming more concerned about online safety, companies that focus on privacy not only steer clear of legal risk, but also foster trust with young users and their parents.

Is it time to update your privacy policy?

Take our Privacy Quiz
Fortnite Maker Epic Games Hit With $520 Million in Fines, in Part for COPPA Violations

In January 2023, the FTC fined Fortnight maker Epic Games $275 million for COPPA violations related to how it collected children’s personal information and allowed them to chat with adults on its platform. Regulators said Epic’s Fortnight platform must no longer have voice and text communications turned on by default for minors; now, players 13 and younger will need parental consent to use chat. Epic was also penalized for keeping some children’s data despite parents’ requests to delete it. The regulator claimed Epic made it difficult for parents to request data deletion and rejected some of those requests anyway.

source
Senate passes landmark bills to protect kids online, raising pressure on House

Two bills that recently passed the U.S. Senate would substantially increase requirements for tech platforms to protect children’s online privacy and data. Supporters of the Kids Online Safety Act (KOSA), and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – considered “the most significant restrictions on tech platforms” to pass a chamber of Congress in decades – are now pressing House members to take up the bill. Critics from the tech industry claim KOSA’s “duty of care” provision would allow regulators to force companies to suppress content they dislike. COPPA 2.0, which has not received as much industry opposition as KOSA, would increase the age for parental consent requirements, as well as ban advertisers from targeting kids and teens. If the bills eventually become law, they will likely face legal challenges from tech businesses.

source
$20 million FTC settlement addresses Microsoft Xbox illegal collection of kids’ data

The FTC is increasingly penalizing game platforms for using default privacy and consent settings that violate COPPA. In June 2023, it levied a $20 million fine against Microsoft for using default account sign-up settings for Xbox Live that allowed the company to collect and share children’s personal information before getting parental consent. The FTC also alleged Microsoft failed to disclose how it would handle children’s data, and then kept that data longer than reasonably necessary. Regulators said this penalty makes clear that COPPA covers children’s biometric and health data, which Microsoft collected for its Xbox Live platform.

source
Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children's Data

In August, the U.S. Justice Department and the FTC filed suit against TikTok, claiming the platform failed to get parental consent before collecting children’s personal data. TikTok is also accused of ignoring parents’ requests to delete children’s accounts. The DOJ alleges TikTok collected young users’ activities and profile identifiers, and then shared that data with other companies, including Meta and an analytics company. The government further claims that TikTok moderators spent only a few seconds checking accounts flagged as possibly belonging to children, showing there was no serious effort to catch and remove such accounts. The company claims the accusations relate to past reports that were inaccurate or have been resolved.

source
CCPA compliance is not child’s play—but network traffic testing can help

Regulators in California are accusing Tilting Point, the creator of the free-to-play app “SpongeBob: Krusty Cook-Off”, of failures to follow the state’s privacy rules and COPPA. They claim the app, among other violations, did not sufficiently disclose how it collected, sold or shared children’s data with third-party advertisers. Tilting Point also allegedly failed to get parental consent or notify parents that it was collecting their children’s data.

source
Eleven new state privacy laws coming in the next 12 months. Is your policy compliant?

There are 11 new state privacy laws scheduled to go into effect over the next two years, and dozens more currently under consideration by local legislatures. In July, new requirements in Florida, Oregon, and Texas could result in substantial fines for companies that are behind on data collection and consent requirements in those states. While there are similar elements among the new laws, each has unique provisions; for example, Florida’s law will primarily affect large companies, while the laws in Texas and Oregon may also apply to nonprofit groups and small businesses, respectively. Regulatory changes are coming quickly throughout the U.S., and without a thorough understanding of the new laws, your business is vulnerable to legal challenges. Common Sense Privacy closely monitors new legislation and can alert you when your policies fail to meet new requirements.

source

How we help

Avoid fines & disruption

We help you navigate the stringent requirements around protecting kids' data.

Accelerate adoption

Our scorecard helps you answer the toughest privacy questions your customers might have.

Demonstrate trust

The Privacy Seal helps you show your commitment to the highest privacy standards for kids.

Common Sense Privacy DashboardCommon Sense Privacy Dashboard - Identify gaps to relevant laws
Common Sense Privacy DashboardCommon Sense Privacy Dashboard - Follow the best privacy practices for your business
Teenage girl happy in front of a green screen. Common Sense Privacy Seal
FTC warns it will go after edtech companies misusing children’s data

In a policy statement meant to clarify COPPA, the Federal Trade Commission warned ed tech firms not to use students’ data for marketing and other commercial purposes, to eventually delete collected data, and to have adequate security procedures for protecting students’ information. The commission was especially concerned with data collected from low-income students using free apps. This new guidance is meant to include broad consent agreements from schools and districts.

source
IXL Learning faces class action lawsuit over collecting and uses kids' data

IXL Learning says its subscription-based platform follows federal privacy laws, but a new class-action suit from a group of parents alleges the company collects and uses students’ data without their knowledge or proper consent. The three Kansas families bringing the legal action are co-represented by the EdTech Law Center, a firm focused on the use of personal data in edtech. IXL claims the suit is “based on speculative concerns about educational technology in general” and does not reflect their policies.

source
FTC levies $6M penalty against Edmodo over child privacy violations

The FTC has proposed a settlement for alleged child privacy and consent violations by Edmodo, which operated a platform for virtual classes. Regulators claim the edtech firm failed in its consent requirements in part by relying inappropriately on the school to get parental consent on using children’s information for commercial purposes. They said schools and teachers “could never be solely responsible for complying” with COPPA.

source
Eleven new state privacy laws coming in the next 12 months. Is your policy compliant?

There are 11 new state privacy laws scheduled to go into effect over the next two years, and dozens more currently under consideration by local legislatures. In July, new requirements in Florida, Oregon, and Texas could result in substantial fines for companies that are behind on data collection and consent requirements in those states. While there are similar elements among the new laws, each has unique provisions; for example, Florida’s law will primarily affect large companies, while the laws in Texas and Oregon may also apply to nonprofit groups and small businesses, respectively. Regulatory changes are coming quickly throughout the U.S., and without a thorough understanding of the new laws, your business is vulnerable to legal challenges. Common Sense Privacy closely monitors new legislation and can alert you when your policies fail to meet new requirements.

source
Privacy Matters

The stakes are getting  higher when it comes to   student privacy 

With increasing scrutiny from regulators and rising expectations from parents and teachers, educational apps face significant challenges around compliance.

Privacy protection is a legal requirement, but it can also be a strategic advantage for the best players, fostering trust, recognition, and removing barriers to adoption.

Is it time to update your privacy policy?

Take our Privacy Quiz

The impact we're making

Adeel Khan
Common Sense helped us stand out in an emerging market for educators with a trusted brand, a thorough privacy review and best practice guidance.
Adeel Khan
Founder and CEO of MagicSchool.ai
Joel Hames
We are the leader in engaging and impactful online courses, and Common Sense is the leader in understanding privacy in education. Choosing their software to stay current with fast-changing privacy regulation made sense.
Joel Hames
Chief Product Officer at Subject
Yves Lermusiaux
I wanted to partner with a privacy expert, so I could focus on building my business. Common Sense's software was easy to use, helped us launch faster, and gave us confidence we were doing it right.
Yves Lermusiaux
CEO of WoPa
Lynzi Ziegenhagen
The Common Sense Privacy platform was simple to use for my early-stage startup. It is also robust enough for us to keep the same provider and continue evolving our privacy policy as the product and company grow, with the ease of a fixed annual subscription.
Lynzi Ziegenhagen
Founder of Bandio
Oliver Page
As a cyber security form focused on K12, we need to demonstrate our commitment to the highest privacy standards. Common Sense provided attorney level expertise but with the savings, convenience and access that comes from this type of software.
Oliver Page
Founder of CyberNut
Robert Miller
I am actually an attorney by training. I know HIPAA and COPPA inside and out, but I don't have time to keep up with the latest laws. The FTC is really scrutinizing privacy in health tech and I need expert help from a company I trust.
Robert Miller
Founder of Appa Health

Your trusted privacy partner

Common Sense Privacy, a Common Sense Media CompanyMove fast and save money with Common Sense PrivacyManage your privacy policy effortlessly using Common Sense Privacy.Teenage kid using his tablet.
It’s like having a fractional Chief Privacy Officer
Schedule Your Free Demo

Protect kids and
the bottom line

Our customized dashboard guidance ensures your policy keeps your users and your business safe.

Stay on top of regulations that protect kids' privacy

As your business grows, your privacy will remain up-to-date and ready to meet new challenges.

Focus on creating
amazing products

We save you precious time by closely monitoring your privacy policies and updates to regulations.

Ensure trust with
a brand parents trust

The Common Sense Privacy Seal gives parents confidence that their kids' data is handled carefully.

FAQs

Can’t find the answer to your question in this list?

Ask us directly
How do I update my privacy policy?

Simply sign up online, go through a guided interview with the Wizard, generate your draft.

Do I need any legal background

No, our wizard will walk you through the assessment, you just need to know your business.

Are Common Sense Media and Common Sense Privacy the same?

No, Common Sense Media ia a not for profit that helps families, teachers and schools make content and technology decisions. Common Sense Privacy is a public benefit spinout from Common Sense Media that helps companies stay on top of privacy regulation and build trust with their customers through best privacy practices.

Can you help me with App Store Labels?

Yes, our Wizard generates privacy policies and Google Play store labels

Is Common Sense Privacy a law firm?

No, Common Sense Privacy does not offer legal advice. We offer evaluations based on our general understanding and review of industry standards and practices.

Do I have to pay every time I generate a new privacy policy?

No, we offer an annual subscription price so you can get the advice you need when you need it, without paying again and again.

What's behind your software?

Our models are trained on Common Sense Media's 150 point rubric (developed in partnership with academics, legislators, industry experts and key stakeholders) and Common Sense's proprietary database of 5000+ company and product evaluations.

How do I earn the Common Sense Privacy Seal?

Here are the priciples that guide us when awarding the Common Sense Privacy Seal:

  • being respectful of user data
  • protecting user data
  • disclosing how targeted advertising is used
  • respecting for user anonymity across the web & apps
  • communicating user profiles creation process

If your company follows these principles, then reach out to us to apply for the Privacy Seal.

Easy, affordable, accessible
privacy solutions by Common Sense
Get started today!
Common Sense Privacy™ is a for-profit affiliate of Common Sense Media.
Copyright © 2024. All rights reserved.
NO LEGAL ADVICE. You understand and agree that CSP is not a law firm and is not providing you legal advice or representation. Any ratings or outputs of CSP's Services are subjective evaluations based on its general understanding and review of industry standards and practices. CSP’s ratings are not a legal opinion, should not be treated as a legal opinion by you or any other party, and is not a substitute for the opinion or advice of an attorney.
Contact Us

Tell us about your privacy challenges, and we'll do our best to help.

Thank you for reaching out, we'll get back to you very shortly.
Oops! Something went wrong while submitting the form.