Welcome, traveler! Let’s venture into the world of Genshin Impact and the recent $20 million settlement agreement between game publisher HoYoverse and the Federal Trade Commission (FTC). The FTC charged HoYoverse with violating the Children's Online Privacy Protection Act (#COPPA) by unlawfully collecting and sharing personal information from Genshin Impact users under the age of 13. It also alleged that the company violated the FTC Act by using deceptive and unfair tactics to entice kids and teens to buy loot boxes that contained desirable character prizes. Check out the ESRB Privacy Certified blog for SVP Stacy Feuer's analysis of the implications of this groundbreaking settlement. And be sure to explore our top three takeaways for video game companies interacting with children and teens.
ESRB Privacy Certified
Computer Games
We’re a leading online privacy compliance and certification program, and an FTC-approved COPPA Safe Harbor.
About us
ESRB Privacy Certified is a leading comprehensive online privacy compliance and certification program, and an FTC-approved Safe Harbor under the U.S. Children’s Online Privacy Protection Act and the Federal Trade Commission's COPPA Rule. We work largely with video game and toy companies around the world to ensure that our members develop and implement responsible and transparent privacy practices that reflect developments in law, technology, and global best practices.
- Website
-
http://www.esrb.org/privacy/
External link for ESRB Privacy Certified
- Industry
- Computer Games
- Company size
- 11-50 employees
- Headquarters
- USA
- Founded
- 2001
- Specialties
- Privacy, Privacy Compliance, Children Online, Data Protection, Data security, COPPA, Children's Online Privacy Protection Act, GDPR, General Data Protection Regulation, CCPA, CPRA, Age Appropriate Design Code, U.K. Children's Code, Irish Fundamentals, Federal Trade Commission, and FTC
Updates
-
How are we celebrating #DataPrivacyDay? With a webinar co-hosted by Daniel M. Goldberg of Frankfurt Kurnit Klein & Selz on "Data Privacy Priorities for 2025" for our ESRB Privacy Certified members and friends, featuring the IAPP's Cobun Zweifel-Keegan, J.D., CIPP/US, CIPM. Plus, some scrumptious Chinese food for the start of the #LunarNewYear tomorrow. #Privacy #YearoftheSnake
Happy Data Privacy Day! 🎉 Celebrate with us today and all year long -- because privacy deserves the attention. The 2025 theme for #DataPrivacyDay is “Put Privacy First.” #PrivacyPros, how do you prioritize privacy in your career? And how do you encourage others and your organization to do the same? Reply in the comments! Make the day count by joining our panel of experts in our annual #DPD #LinkedInLive. Register ASAP and join at 10:00 EST: https://bit.ly/40sfjFT
-
January is turning out to be a big news month, not just because of recent events in D.C. or yesterday's timely celebration of Martin Luther King Day. Last Thursday, the Federal Trade Commission (FTC) announced the final version of the long-awaited #COPPA Rule. Then, on Friday, the FTC, through the Department of Justice, filed a proposed complaint and settlement against HoYoverse, the company behind the massively popular #GenshinImpact video game, alleging violations of the Children's Online Privacy Protection Act (COPPA) and deceptive and unfair loot box practices. With a $20 million fine, a data deletion mandate, and game-changing restrictions on virtual currency loot box purchases, this settlement could reshape how video game companies engage with children and teens. Curious about the details and what it means for the industry? Read on. The proposed settlement requires HoYoverse to pay a $20 million fine and to delete all data of players under the age of 13 unless it obtains verifiable parental consent (VPC). It also bans HoYoverse from selling loot boxes to children under the age of 16 without parental consent. It prohibits the company from offering loot boxes for virtual currency unless it also offers players the option to purchase loot boxes directly with fiat money. The underlying complaint alleges that the company collected and shared personal information from children under 13 without obtaining VPC, violating COPPA. It also asserts that the company enticed children and teens to buy loot boxes for mystery prizes that obscured the real costs of in-game purchases through practices that violate the FTC Act. In particular, it sets out evidence supporting the FTC's claim that HoYoverse misrepresented the odds of winning desirable prizes known as “five-star heroes” – powerful characters that offer significant advantages for game play. The COPPA allegations and proposed remedies align with previous FTC actions against TikTok and Epic Games/Fortnite. The deception and unfairness claims, which target HoYoverse’s “pay-to-win” gacha monetization system, are more novel. They are, though, still rooted in the FTC’s long-held stance that companies should not allow children to make in-app and in-game purchases without parental authorization. There's a ton of detail in the complaint and we’ll provide a more in-depth analysis of the action in the coming days, including insights from the separate statement issued by new FTC Chair Andrew Ferguson. Although the enforcement action only binds HoYoverse, it provides a clear signal that the agency will continue to enforce COPPA vigorously and focus on an array of consumer protection issues that affect children and teenagers online. If you'd like to learn more about the HoYoverse action or FTC COPPA enforcement, please get in touch. ESRB Privacy Certified is an FTC-authorized COPPA Safe Harbor program that provides certification and compliance support for companies in the video game and toy industries.
Genshin Impact Game Developer Will be Banned from Selling Lootboxes to Teens Under 16 without Parental Consent, Pay a $20 Million Fine to Settle FTC Charges
ftc.gov
-
The Federal Trade Commission issued its long-awaited final Children's Online Privacy Protection Act (COPPA Rule) today, on a 5-0 vote, with incoming Republican Chairman Andrew Ferguson concurring in the result. The new Rule, which comes into effect 60 days after formal publication (with full compliance required within a year), sets out new requirements for the collection, use, and sharing of kids' personal data to help protect their privacy and keep them safe online. Most of the revisions are consistent with the proposals the FTC issued about a year ago through its Notice of Proposed Rulemaking although the FTC stopped short of adopting several controversial changes. (You can find our analysis of those proposals on the Privacy Certified blog.) The Rule, which hadn't been updated since 2103 -- a dozen years ago in people time and even more in technology time -- establishes new requirements on number of topics such as biometric identifiers, targeted advertising, data retention and data security, and more. It also provides more direction on "mixed audience" services under COPPA and allows "text plus" verifiable parental consent. The new Rule also imposes heightened transparency obligations for Safe Harbor programs like Privacy Certified. We're still making our way through the 225+ pages of Rule text, analysis, and Commissioner opinions. Going forward, we'll work with our program members on implementing the changes required by the Rule. Stay tuned for more in-depth takeaways. And please get in touch if we can help you comply with the new COPPA Rule. #COPPA, #kidsprivacy, #SafeHarbor
FTC Finalizes Changes to Children’s Privacy Rule Limiting Companies’ Ability to Monetize Kids’ Data
ftc.gov
-
If you're in LA this Friday, check out our SVP, Stacy Feuer's panel on the Ethics of Responsible gaming at the University of California, Los Angeles - School of Law/American Bar Association Digital Media & Video Game Conference.
Senior Vice President at ESRB Privacy Certified, a leading compliance and certification program for video game and toy companies | Former FTC manager with extensive privacy, advertising, and international experience
This is a significant, consequential week for the United States and the world. I can't (and won't) claim that anything in my personal universe is as weighty as our upcoming election. (Go vote if you haven't already!) But, in the narrower sphere of interactive entertainment, I'll be addressing an important topic for video game and entertainment lawyers - the ethics of responsible gaming - at the University of California, Los Angeles - School of Law/American Bar Association Digital Media & Video Game Conference on Friday. Guided by Maria Abesa, our moderator, Andrew Bardi, Felix Hilgert, Zach Lewis, Esq. and I will discuss how lawyers should navigate key regulatory issues relating to privacy, monetization, and kids when laws are unclear or outdated. I'll be tackling this topic through ESRB Privacy Certified's self-regulatory compliance and certification lens. If you're going to be at the conference (or anywhere in the vicinity), let me know. I'll only be on the ground in LA briefly, but I'd love to meet up.
-
-
If you're in California, join our SVP, Stacy Feuer, for this fascinating panel next Friday on responsible video game practices at the the University of California, Los Angeles - School of Law. And stay for the rest of the conference!
Senior Vice President at ESRB Privacy Certified, a leading compliance and certification program for video game and toy companies | Former FTC manager with extensive privacy, advertising, and international experience
Now that I'm back from #vacation (sigh), I'm looking forward to my November West Coast swing, starting with the University of California, Los Angeles - School of Law's Digital Media and & Video Game Conference on Friday, November 8. I'll be speaking on a panel titled, "Ethics and Responsible Gaming," along with Felix Hilgert and Zach Lewis, Esq. that - as conceived of by Maria Abesa - will consider how lawyers should navigate key regulatory issues in the the video game industry relating to privacy, monetization, and kids when laws aren't keeping pace with advances in underlying technologies. How should lawyers balance their clients' interests and the public good when they conflict? I'll be approaching this provocative topic, of course, from ESRB Privacy Certified's unique perspective as a self-regulatory compliance and certification organization. My panel is part of a full day of fascinating discussions organized by the Ziffren Institute for Media, Entertainment, Technology & Sports Law | UCLA School of Law and the UCLA Institute for Technology, Law & Policy in association with the American Bar Association's Forum on Sports and Entertainment Industries. Registration, program, and CLE info is here: https://lnkd.in/eNRarU3w.
-
-
All aboard the ESRB Express! Join us in celebrating the Entertainment Software Rating Board (ESRB) turning 30 with this celebratory music video. 🎉 (You'll see us around 1:56 in the video! 🎶 )
We’re turning 30, and you’re invited to our birthday party! Since opening our doors in 1994, nearly every boxed video game has come through our offices on our quest to provide age and content ratings to families. We couldn’t be prouder to be a small (but invaluable!) part of the video game development and distribution process, supporting some of the most visionary and creative works of media and entertainment. But of course, we would be nowhere without the parents and caregivers who continue to trust and use the ratings to help decide what’s appropriate for their kids. Yesterday, we dropped #EisForEveryone, a celebratory music video exploring our role(s) in the video game landscape. You can find that, and more, in our latest blog: #VideoGames #ESRB #GamesIndustry
All Aboard the ESRB 30th Anniversary Express!
esrb.org
-
Sharing our SVP's post about a fantastic new resource on kids' privacy up on the IAPP - International Association of Privacy Professionals' ResourceCenter today.
Senior Vice President at ESRB Privacy Certified, a leading compliance and certification program for video game and toy companies | Former FTC manager with extensive privacy, advertising, and international experience
So excited that the PerfectPetPal case study about a fictional pet simulator app that I developed for a panel on "Implementing Kid's Privacy Protections Around the World" at the IAPP - International Association of Privacy Professionals EU Data Protection Congress last fall is now live. Special thanks to my co-authors Timothy M., Anna Morgan, and Jonathan Tam and to additional collaborators Kieran Donovan, Shauna Joyce, and Michelle Ma for a truly global effort! Not to brag too much, but the hypo is a lot of fun and I can imagine many privacy colleagues using it, riffing on it, and updating it (given the warp speed of kids' privacy developments) as the basis for trainings and presentations! You can check it out at the link below or find it on the IAPP ResourceCenter.
Implementing kids’ privacy protections around the world
iapp.org
-
Help us send our SVP, Stacy Feuer, to Austin next March. She'll join a great group of leaders, experts, and entrepreneurs for an exciting South by Southwest conversation on global challenges and solutions for #kidsprivacy in games. Panel picking info below. Please vote!
🌟 Voting is now open for SXSW's PanelPicker! 🌟 Industry experts at k-ID, ESRB Privacy Certified, Family Online Safety Institute and Another Axiom have come together to discuss how to protect kids and teens online while empowering them with access. In their proposed SXSW panel, “Access to Play: Protecting Children and Privacy,” they will draw on insights gained from navigating complex legal regulations and a frustrating array of onboarding processes to shape real solutions. Join moderator Stephen Balkam and panelists Kieran Donovan, Stacy Feuer, and Jennifer Lane in helping them get to SXSW! 🎉 Voting ends on August 18! SXSW PanelPicker® https://lnkd.in/gfc3SrJz #sxsw #sxsw2025 #panelpicker #kidsonlinesafety #onlinesafety
Access to Play: Protecting Children and Privacy
panelpicker.sxsw.com
-
With more than 1 billion users worldwide, viral video sharing platform #TikTok has spawned more than its share of hashtags, dances, and memes. (#snoopdogOlympics2024 anyone?) Now, as the U.S. Federal Trade Commission once again sues TikTok for violating children's privacy under the federal Children's Online Privacy Protection Act (this time in a complaint filed by the Department of Justice), #kidsprivacy is trending for the platform. Read our SVP Stacy Feuer's top takeaways from the FTC's action to find out how you can make sure you're complying with #COPPA and keeping kids -- and their data -- safe online.
#KidsPrivacy Trending for TikTok: Top Takeaways from the New COPPA Enforcement Action
esrb.org