COPPA and child-directed apps

In this article, we explain how we work with mobile apps that indicate to us that they are child-directed apps subject to the US Children’s Online Privacy Protection Act (“COPPA”), and to other applicable data protection laws, such as the EU General Data Protection Regulation (“GDPR”), that restrict processing of information collected from children.

When a publisher adds a new app to the ironSource platform, or at any time while using the ironSource platform, the Publisher must inform ironSource if the app is directed to children, as required by applicable law, as explained in this article. 

As a Publisher, you are responsible for:

  • Evaluating your apps, and determining if your apps are child-directed
  • Correctly flagging your apps as child-directed on your ironSource dashboard, and setting the COPPA SDK Functionality, as further explained below
  • Ensuring that your apps comply with applicable laws

To further understand your obligations under the COPPA, we recommend that you read the materials here: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy

Publishers must choose for each of their apps the correct flag that applies to their apps, as further explained below.  

How to flag apps as not directed to children 

If your app is not directed to children, as defined by the COPPA, you should choose the “not directed to children” flag in the dashboard (as seen in the screenshot below). In this case, you can still use the COPPA SDK Functionality to flag specific devices for compliance with applicable laws, such as the GDPR, or the UK’s Age Appropriate Design Code.

not COPPA

If the app is primarily directed to children (as defined by the COPPA), the publisher should flag the app in its dashboard as follows. This flag will apply to all end-users of the app. Also, the flag will apply only with respect to ironSource’s own ad network, and will not have an effect on any third-party ad network. Please see below information regarding ironSource Mediation.

Please note that for all apps that participate in the Designed for Families program of Google Play, the publisher must flag each of those apps in the dashboard as child-directed.

How to flag an app as child-directed

If the app is primarily directed to children (as defined by the COPPA), the publisher should flag the app in its dashboard with the “Primarily Directed to Children” flag. This flag will apply to all end-users of the app. Also, the flag will apply only with respect to ironSource’s own ad network, and will not have an effect on any third-party ad network. Please see below information regarding ironSource Mediation.

COPPA

Please note that for all apps that participate in the Designed for Families program of Google Play, and/or appear in the “Family” section of Google Play or in the Apple App Store’s Kids Category, the publisher must flag each of those apps in the dashboard as child-directed.

How to flag a specific end-user as a child

If the app is partially, but not primarily, directed to children under the COPPA (sometimes called a mixed-audience app), and has implemented an age gate, then the publisher should flag the app as a “Mixed Audience” app in its dashboard (see screenshot below).  In this case, the publisher must use COPPA SDK Functionality to flag whether a specific end-user is a child below the age of 13 (or another age as applicable to the publisher and app), or not.

Publishers are responsible for determining whether an app is primarily directed to children or the app is permitted to use an age gate.

mixed audience

Read more about end-user flagging with the ironSource COPPA SDK Functionality below:

Android

iOS

Unity

ironSource collection and use of data from a child-directed app

For an app that is flagged as a  “Primarily Directed to Children” app on the ironSource dashboard, or for a specific end-user flagged as a child via the COPPA SDK Functionality, ironSource will apply the following restrictions:

  1. We use and share the data that we collect (including the advertising ID and IP address) from a child-directed app only to serve contextual ads, for frequency capping, for fraud prevention, and for other activities to support our internal operations or the internal operations of the app, as permitted by the COPPA and other applicable regulations.
  2. We will not share persistent identifiers with third party external bidders such as DSPs, SSPs, exchanges, and marketplaces, except if specifically directed by the publisher for support for internal operations as defined by the COPPA.
  3. We will not deliver survey ads or other campaigns that ask, prompt, encourage, or enable end-users to disclose personal information.

ironSource Mediation and child-directed apps

ironSource SDK offers a client-side API to allow publishers to “flag” specific end-users as children (referenced above as the ironSource COPPA SDK Functionality).

Please note that mediated apps that are “Primarily Directed to Children”  must use the API if they would like to communicate to supported networks the status of the end-user.  Such apps should use the API to flag all end users as children under 13.

Below is a list of SDK networks which currently support the API. For SDK networks that are not listed in the below table, you should contact them directly for information on how to properly flag end-users as children.

Network Supported adapter version Flag
  iOS Android Unity
ironSource 7.1.0 (SDK) 7.1.0.1 (SDK) 7.1.0.1 (SDK) is_child_directed
AdColony 4.3.8
(SDK 7.0.2)
4.3.7
(SDK 6.17.0)
4.3.9
(SDK 7.0.2)
AdColony_COPPA
AdMob 4.3.11
(SDK 6.14.0)
4.3.9
(SDK 6.14.0)
4.3.12
(SDK 6.14.0)
AdMob_TFCD
AdMob 4.3.11
(SDK 6.14.0)
4.3.9
(SDK 6.14.0)
4.3.12
(SDK 6.14.0)
AdMob_TFUA
AppLovin 4.3.15
(SDK 6.17.1)
4.3.15
(SDK 6.17.0)
4.3.18
(SDK 6.17.1)
AppLovin_AgeRestrictedUser
Pangle 4.1.5
(SDK 6.17.1)
4.1.2
(SDK 6.17.0)
4.1.7
(SDK 6.17.1)
Pangle_COPPA

App developers under the age of 13

ironSource’s terms and conditions prohibit app developers who are under age 13 from using our services as our customers.