The Children's Online Privacy Protection Act (COPPA) is a United States law that applies to companies that collect personal information from children under the age of 13 online. Applications for distribution in the North American market that are subject to COPPA must comply with all the guidelines in this chapter.
6.2.1 Applications Subject to COPPA
Child-directed applications for the North American market that allow for the collection or disclosure of personal information of users must comply with COPPA and obtain consent from a parent or guardian before collecting personal information from users under the age of 13.
Specifically: if the application has Internet communication features and any of the following criteria apply, you must implement COPPACS, the COPPA compliance feature provided by the system.
1. The application has specifications to collect or allow for the disclosure of any of the following information: name, address, telephone number, email address, online contact information, IP address, MAC address, device ID (system-specific ID), or device geolocation information.
2. The application has specifications to exchange rich UGC either between a server and a Nintendo 3DS system, or between multiple Nintendo 3DS systems after matchmaking is performed via a server.
3. The application itself has social networking features, or it uses a social network plug-in or API to link to existing social network services.
Third-party titles that implement specifications described by (1) or (2), but that do not use Nintendo-provided servers to do so, are not subject to this guideline. In such cases, each third-party licensee remains responsible for determining its own legal obligations under COPPA.
COPPA applies to applications directed toward children under the age of 13. Therefore, if the target age group for users of an application is clearly 13 and over, COPPA compliance may not be necessary. If you are unsure whether this stipulation applies to your own title in development, please consult with your legal department.
6.2.2 COPPACS
The COPPA Compliance System (COPPACS) is a parental consent system designed to comply with COPPA. COPPACS is integrated into System Settings. It can take the place of an application in providing a flow to confirm the user's age, as well as a way to authenticate the parent or guardian if the user is in the age group subject to COPPA.
If your application uses COPPACS to comply with COPPA, then your application must check the restriction state with COPPACS before using any features subject to COPPA, such as a feature to send rich UGC to a server. See section 7.1.1 Types of UGC for details about rich UGC.
Use the nn::cfg::CTR::GetCoppacsRestriction function to get the COPPACS restriction state. Your application must perform the appropriate handling below in accordance with the restriction state.
- Unauthenticated (CFG_COPPACS_RESTRICTION_NEED_PARENTAL_AUTHENTICATION)
  This state indicates that the user's age has not yet been confirmed, and the parent or guardian has not yet been authenticated. In this case, you must restrict all features subject to COPPA.
  In order for the user to use these restricted features, they must lift the Child Online Privacy Protection item in Parental Controls. Therefore, after checking the COPPACS restriction state, Nintendo recommends transitioning to the COPPACS setting screen in System Settings. Pass nn::applet::CTR::PARENTAL_CONTROLS_COPPACS to the nn::applet::CTR::JumpToParentalControls function to launch the COPPACS setting screen.
- Unrestricted (CFG_COPPACS_RESTRICTION_NONE)
  This state indicates that, due to a reason such as the following, there is no need to restrict features that are subject to COPPA. In this case, do not restrict any features subject to COPPA.
  - The system's area settings are outside of the areas subject to COPPA.
  - The user's age is outside of the age group subject to COPPA.
  - The parent or guardian has been authenticated, and has not restricted the Child Online Privacy Protection item in Parental Controls.
- Restricted (CFG_COPPACS_RESTRICTION_NEED_PARENTAL_PIN_CODE)
  This state indicates that the parent or guardian has been authenticated, and has restricted the Child Online Privacy Protection item in Parental Controls. In this case, you must restrict all features subject to COPPA.
  In this case Nintendo also recommends allowing the user to enter their PIN to temporarily lift the restriction. Use the nn::cfg::CTR::CheckParentalControlPinCode function to check the PIN.
  If you implement a feature for PIN code entry to temporarily lift the restriction, you must only lift the restriction if the user enters the correct PIN. If the user correctly enters the PIN once, it is acceptable—though not required—to skip PIN entry all times thereafter. However, before doing so you must always confirm with the user whether they want to skip PIN entry all times thereafter. Likewise, you must provide a feature allowing the user to re-enable every-time PIN entry.
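The per-state handling and PIN rules above can be modeled as a small gate that an application consults before any COPPA-subject feature. This is an added example, not Nintendo SDK code: the `CoppacsRestriction` enum type, `GateResult`, `CoppaGate`, and the PIN-check callback are hypothetical stand-ins for the values returned by nn::cfg::CTR::GetCoppacsRestriction and nn::cfg::CTR::CheckParentalControlPinCode, whose signatures this page does not show. Blocking on an unrecognized state is this example's own choice.

```cpp
#include <functional>
#include <string>

// Constant names come from the guideline; the enum type and numeric values are assumed.
enum CoppacsRestriction {
    CFG_COPPACS_RESTRICTION_NONE,
    CFG_COPPACS_RESTRICTION_NEED_PARENTAL_AUTHENTICATION,
    CFG_COPPACS_RESTRICTION_NEED_PARENTAL_PIN_CODE
};

enum GateResult { ALLOW, BLOCK_OFFER_SETTINGS, BLOCK_OFFER_PIN, BLOCK };

// Hypothetical helper consulted before every COPPA-subject feature (e.g. sending rich UGC).
class CoppaGate {
public:
    // pinCheck stands in for the platform PIN check; its signature is an assumption.
    explicit CoppaGate(std::function<bool(const std::string&)> pinCheck)
        : pinCheck_(pinCheck), pinOkOnce_(false), lifted_(false), skipPin_(false) {}

    GateResult Check(CoppacsRestriction state) const {
        switch (state) {
        case CFG_COPPACS_RESTRICTION_NONE:
            return ALLOW;
        case CFG_COPPACS_RESTRICTION_NEED_PARENTAL_AUTHENTICATION:
            return BLOCK_OFFER_SETTINGS;   // a stored skip preference never applies here
        case CFG_COPPACS_RESTRICTION_NEED_PARENTAL_PIN_CODE:
            return (lifted_ || skipPin_) ? ALLOW : BLOCK_OFFER_PIN;
        }
        return BLOCK;                      // unrecognized state: fail closed
    }

    // Lift the restriction only on a correct PIN; a wrong PIN changes nothing.
    bool SubmitPin(const std::string& pin) {
        if (!pinCheck_(pin)) return false;
        pinOkOnce_ = lifted_ = true;
        return true;
    }
    void EndTemporaryLift() { lifted_ = false; }

    // Enabling skip needs a prior correct PIN and explicit user confirmation;
    // disabling (re-enabling every-time PIN entry) is always permitted.
    bool SetSkipPin(bool enable, bool userConfirmed) {
        skipPin_ = enable && pinOkOnce_ && userConfirmed;
        return skipPin_;
    }

private:
    std::function<bool(const std::string&)> pinCheck_;
    bool pinOkOnce_, lifted_, skipPin_;
};
```

`BLOCK_OFFER_SETTINGS` corresponds to the recommended jump to the COPPACS setting screen, and `BLOCK_OFFER_PIN` to the optional PIN entry prompt.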
6.2.2.1 Supporting COPPACS
| Guideline Item | Applications that use COPPACS to comply with COPPA must check the restriction state with COPPACS before using any features subject to COPPA, and must perform appropriate handling in accordance with the restriction state. |
|---|---|
| Software to Be Tested | Applications subject to COPPA, as detailed in the Applications Subject to COPPA section. |
| Test Method | Using the Config tool, go to Other Setting and set the Coppacs Setting values as shown below, performing the associated checks. |
| Pass/Fail Determination | All Applications: |
| | If the application implements a feature for PIN code entry to temporarily lift the restriction: Passes if all of the following conditions are met in step 3 in addition to meeting the conditions for All Applications. |
| | If the application allows skipping of PIN entry all times thereafter: Passes if all of the following conditions are met in addition to meeting the conditions for If the application implements a feature for PIN code entry to temporarily lift the restriction. |