ESRB Privacy Certified

Welcome, traveler! Let’s venture into the world of Genshin Impact and the recent $20 million settlement agreement between game publisher HoYoverse and the Federal Trade Commission (FTC). The FTC charged HoYoverse with violating the Children's Online Privacy Protection Act (#COPPA) by unlawfully collecting and sharing personal information from Genshin Impact users under the age of 13. It also alleged that the company violated the FTC Act by using deceptive and unfair tactics to entice kids and teens to buy loot boxes that contained desirable character prizes. Check out the ESRB Privacy Certified blog for SVP Stacy Feuer's analysis of the implications of this groundbreaking settlement. And be sure to explore our top three takeaways for video game companies interacting with children and teens.

Is protecting children's privacy really "the one thing everyone agrees on?"Our SVP Stacy Feuer will discuss this question and more with Stevie DeGroff from the Colorado AG's office and Amy Lawrence from SuperAwesome during an in-depth panel on kid/teen privacy moderated by Hailun Ying from Roblox at the upcoming California Lawyers Association Annual Privacy Summit.

SVP Stacy Feuer and Senior Program Director Courtney C. teamed up with Maria Nava from Frankfurt Kurnit Klein & Selz to unpack the top five impacts of the Federal Trade Commission's new #COPPA Rule for the IAPP. Find out the key issues and compliance strategies to focus on now and let us know if you have any questions.

Our SVP Stacy Feuer is quoted in Matt Fleischer-Black’s thorough take on the state of teen privacy and safety online in The Cybersecurity Law Report (available by trial or subscription) at https://lnkd.in/eBV9Kv9q. Take a deep dive into the challenges (and solutions) ahead as concerns about teens’ digital lives cause state legislatures to pass new laws.

If you’re attending #GDC this year, please join Tyler Newby, Joe Newman, and our SVP Stacy Feuer for a stimulating discussion of what’s new in kid/teen privacy at the Video Game Bar Association annual breakfast. If you’re not stimulated by our conversation, you can still get your morning buzz from the coffee (and treats) graciously provided by breakfast sponsor Fenwick & West.

Safer Internet Day represents a great reminder for reassessing your rules and parental controls around how your kids play online video games. You may find that some kids are ready to play online with others, while some need a little more time only playing with friends and relatives. Check out our new blog, featuring a collection of tips and resources to help you identify and establish the household rules and parental controls that fit best with your kids. https://bit.ly/3CI9s7J

As we celebrate Safer Internet Day, it's a great time to review best practices for ensuring online safety for the kids in your life and with that comes a few privacy-related tips! Read on for a round-up of resources from Entertainment Software Rating Board (ESRB) President Patricia Vance: https://bit.ly/4jVZGiU.

How are we celebrating #DataPrivacyDay? With a webinar co-hosted by Daniel M. Goldberg of Frankfurt Kurnit Klein & Selz on "Data Privacy Priorities for 2025" for our ESRB Privacy Certified members and friends, featuring the IAPP's Cobun Zweifel-Keegan, J.D., CIPP/US, CIPM. Plus, some scrumptious Chinese food for the start of the #LunarNewYear tomorrow. #Privacy #YearoftheSnake

January is turning out to be a big news month, not just because of recent events in D.C. or yesterday's timely celebration of Martin Luther King Day. Last Thursday, the Federal Trade Commission (FTC) announced the final version of the long-awaited #COPPA Rule. Then, on Friday, the FTC, through the Department of Justice, filed a proposed complaint and settlement against HoYoverse, the company behind the massively popular #GenshinImpact video game, alleging violations of the Children's Online Privacy Protection Act (COPPA) and deceptive and unfair loot box practices. With a $20 million fine, a data deletion mandate, and game-changing restrictions on virtual currency loot box purchases, this settlement could reshape how video game companies engage with children and teens. Curious about the details and what it means for the industry? Read on. The proposed settlement requires HoYoverse to pay a $20 million fine and to delete all data of players under the age of 13 unless it obtains verifiable parental consent (VPC). It also bans HoYoverse from selling loot boxes to children under the age of 16 without parental consent. It prohibits the company from offering loot boxes for virtual currency unless it also offers players the option to purchase loot boxes directly with fiat money. The underlying complaint alleges that the company collected and shared personal information from children under 13 without obtaining VPC, violating COPPA. It also asserts that the company enticed children and teens to buy loot boxes for mystery prizes that obscured the real costs of in-game purchases through practices that violate the FTC Act. In particular, it sets out evidence supporting the FTC's claim that HoYoverse misrepresented the odds of winning desirable prizes known as “five-star heroes” – powerful characters that offer significant advantages for game play. The COPPA allegations and proposed remedies align with previous FTC actions against TikTok and Epic Games/Fortnite. The deception and unfairness claims, which target HoYoverse’s “pay-to-win” gacha monetization system, are more novel. They are, though, still rooted in the FTC’s long-held stance that companies should not allow children to make in-app and in-game purchases without parental authorization. There's a ton of detail in the complaint and we’ll provide a more in-depth analysis of the action in the coming days, including insights from the separate statement issued by new FTC Chair Andrew Ferguson. Although the enforcement action only binds HoYoverse, it provides a clear signal that the agency will continue to enforce COPPA vigorously and focus on an array of consumer protection issues that affect children and teenagers online. If you'd like to learn more about the HoYoverse action or FTC COPPA enforcement, please get in touch. ESRB Privacy Certified is an FTC-authorized COPPA Safe Harbor program that provides certification and compliance support for companies in the video game and toy industries.

The Federal Trade Commission issued its long-awaited final Children's Online Privacy Protection Act (COPPA Rule) today, on a 5-0 vote, with incoming Republican Chairman Andrew Ferguson concurring in the result.?The new Rule, which comes into effect 60 days after formal publication (with full compliance required within a year), sets out new requirements for the collection, use, and sharing of kids' personal data to help protect their privacy and keep them safe online. Most of the revisions are consistent with the proposals the FTC issued about a year ago through its Notice of Proposed Rulemaking although the FTC stopped short of adopting several controversial changes. (You can find our analysis of those proposals on the Privacy Certified blog.) The Rule, which hadn't been updated since 2103 -- a dozen years ago in people time and even more in technology time -- establishes new requirements on number of topics such as biometric identifiers, targeted advertising, data retention and data security, and more. It also provides more direction on "mixed audience" services under COPPA and allows "text plus" verifiable parental consent. The new Rule also imposes heightened transparency obligations for Safe Harbor programs like Privacy Certified. We're still making our way through the 225+ pages of Rule text, analysis, and Commissioner opinions. Going forward, we'll work with our program members on implementing the changes required by the Rule. Stay tuned for more in-depth takeaways. And please get in touch if we can help you comply with the new COPPA Rule. #COPPA, #kidsprivacy, #SafeHarbor