Analytics, GDPR and Children. How to flag?

Hi,

I’m exploring the possibilities of Ads (IronSource) and Analytics (Unity), but I have to find out how to work with the regulations.

For ads, I’m using IronSource/Unity Levelplay Mediation. It is a mixed audience app (not specifically for children, but it might be attractive to them) There is a age-gate in place (a popup asking “Are you older then 16?”), and it sets a flag “IronSource.Agent.setMetaData(“is_child_directed”, “true”)” accordingly.

What is needed for Analytics concerning this? Do I need to flag this? How would I flag this?
(I’m not asking you for legal advise, just for personal experiences or a direction)

Thank you!

Hi jorisjanbroers,

Thanks for reaching out! There’s some information about this in the Unity Analytics Privacy FAQ. When creating a project, there is a drop-down that asks about COPPA compliance and whether or not the app is targeting children under 13. That’s how you’d flag it (if it were primarily targetted towards children):

8876190--1212324--upload_2023-3-14_14-43-4.png

Is Analytics COPPA compliant?

Yes, UGS Analytics is COPPA compliant under the Children’s Online Privacy Protection Act. In order to provide analytics for your games, Analytics generates an anonymized user ID for each user in your game. We do not use any of these IDs generated from Child Apps to track users across apps built by other developers or to map users between different services, devices, or browsers on the same computer. In addition to these IDs, Analytics also collects the following personal information from Child App users: IP address, identifiers for advertisers (IDFA is only collected if Unity Ads is also enabled), and device identifiers (IDFV, Android device ID or IMEI if Android device ID is unavailable).
If your application is a Child App, you need to designate it as such within the Editor service panel or via the Project creation process in the Unity Dashboard.

The Data Privacy & Consent section also has information on the different compliances.

Let me know if any of that helps! I guess the TL;DR is that the SDK doesn’t know how old the users are and unless you have designated the app as a child app, we assume all users are equal. Implementing the Consent Flows & Opt-Out mechanisms helps reduce potential risks as well, if any.

Best,
Randy

Best,
Randy