Privacy Certified Seals

The ESRB Privacy Certified Seals (Seals) are trust marks issued by the Entertainment Software Rating Board’s Privacy Certified program (ESRB Privacy Certified or EPC). EPC issues these Seals for toy and video game-related websites, mobile apps, downloadable PC games, console settings, and Internet of Things / connected devices and other online services. The Seals show that a certified product or service meets EPC’s strict self-regulatory privacy standards. They cover how companies collect, use, and share consumers’ personal information.

EPC has two types of Privacy Certified Seals:

1. the ESRB Privacy Certified Seal, also known as the “General Seal,” and
2. the ESRB Privacy Certified Kids Seal, also known as the “Kids Seal.”

Each Seal has its own set of standards, known as program requirements. They provide a framework for companies to implement and abide by strong, transparent, and responsible privacy practices.

Companies in the video game and toy industries turn to EPC to help them comply with privacy and data security laws and to go beyond what the law requires. Displaying the seals shows players, parents, and regulators that an independent third party organization has reviewed a company’s policies, tested its certified games, apps, and toys, and continues to monitor them to ensure transparent, lawful, and responsible privacy practices.

This helps players and parents make informed decisions. Parents view the Kids Seal, in particular, as a mark of trust. In fact, a recent survey found that nearly all parents (96%) with children that play video games say they would feel more comfortable with their children playing a game that displays the ESRB Privacy Certified Kids Seal. Of those parents, 67% said “much more” comfortable while 29% answered “somewhat more” comfortable.

The EPC General Seal covers toy and video game-related digital products and online services that are intended for teens or adults and are not aimed at children under the age of 13. These include websites, mobile apps, downloadable PC games, console settings, and Internet of Things / connected products. If a product or service displays our EPC Seal, it means we have reviewed and certified it under the General Seal program requirements.

The EPC Kids Seal covers toy and video game-related digital products that are aimed at children under the age of 13 or that are knowingly used by children. These include websites, mobile apps, downloadable PC games, console settings, and Internet of Things / connected products (e.g., a toy that connects to an app). If a product or service displays our Kids Seal, it means we have reviewed and certified it for compliance with the U.S. federal Children’s Online Privacy Protection Act (COPPA) and EPC’s Kids Seal Requirements. For a list of COPPA-compliant products that EPC has certified, click here.

The General Seal Requirements contain provisions based on U.S. federal and state laws, regulatory actions, global best practices, and platform standards. They require that member companies give consumers clear and accurate information to help them understand (i) how their personal information is collected, used, and shared, and (ii) how to make privacy choices and exercise relevant consumer data rights.

The General Seal Requirements incorporate widely adopted fair information practice principles such as transparency and notice, consent and choice, data minimization, and accountability. They also include separate provisions on handling sensitive data, safeguarding teens’ personal information (for consumers over the age of 13 and under the age of 18), implementing data security and retention requirements, and honoring consumer privacy rights and choices.

The Kids Seal Requirements incorporate the provisions of the U.S. Children’s Online Privacy Protection Act and its related rule (COPPA). They reflect insights from COPPA enforcement actions by the Federal Trade Commission (FTC) and state Attorneys General, as well as other guidance from the FTC on how to comply with the law.

When COPPA applies to a digital product or online service, it places restrictions on how a company can collect, use, share, and retain children’s personal information. Key restrictions include:

• Data Minimization: Limits on collecting more personal information from children than is reasonably necessary to fulfill a specific purpose.
• Parental Notice and Consent: Unless an exception applies, companies must explain their data practices, on their websites or other services, and through a direct notice to parents and guardians. They must also obtain verifiable consent from a child’s parent or guardian before collecting, using, or sharing a child’s personal information.
  • Common exceptions include use of certain personal information to support the online service’s operations and to ensure the safety, security, and integrity of a digital product or online service.
• Third-Party Sharing: In some cases, companies must obtain an extra separate consent from a child’s parent or guardian before sharing a child’s information with third parties for reasons that are not “integral” to the operation of the product or service.

The Kids Seal Requirements require members to meet these COPPA obligations as well as related rules on data retention, data security, and data deletion. Member companies must provide parents and guardians with accurate, clear, and complete information about their data retention, and data security policies and practices. They must also explain parents’ and guardians’ rights under COPPA to access, review, correct, delete, and prevent the disclosure of their child’s personal information and make sure that they honor those rights. For more information about COPPA, you can view the FTC’s FAQs, here.

No. To use an ESRB Privacy Certified Seal, a company must:

1. Join the EPC program by entering into a contractual agreement with the ESRB promising to comply with EPC’s program requirements and paying an annual membership fee.
2. Submit each product or service it wants certified to EPC for review.
3. Cooperate with EPC’s comprehensive privacy assessment process by providing privacy and data security policies and disclosures, access to products and services for testing, and other information as required.
4. Address any required changes identified by EPC.

Once a member resolves all required changes for a product or service, EPC issues the appropriate Privacy Certified seal.

To keep non-member companies from displaying the EPC Seal, EPC monitors websites and other online services to check for misrepresentations about the Seal or misuse.

Yes. We monitor all certified products and services to ensure continued adherence to our program requirements. As part of our monitoring efforts, we conduct bi-annual reviews and check certified products whenever a member company makes material changes to its data policies and practices. At times, we perform random spot checks.

Both the Seals and ratings come from the ESRB, but they are independent of each other and serve different purposes.

• ESRB age ratings help families understand whether the content in a video game or app is age appropriate, so families can make informed decisions about the games their kids play. An ESRB E or E10+ rating does not signify that a game or app is directed to children for purposes of complying with COPPA and the. Kids Seal Requirements. For more information about ESRB ratings, click here.
• ESRB Privacy Certified Seals show that a digital product or online service meets strong privacy and data security standards.

In short, age ratings provide parents with a guide to what’s in games and apps while the Seals provide assurance that a game or app handles players’ personal information appropriately.

No. EPC certifies individual digital products and online services, not entire companies. Some companies submit all their digital products and online services to us for review and certification while others may only submit a few.

If you see an EPC Seal on a digital product or online service, for example, in the footer of a website or the settings menu of an app, and the Seal links back to a membership confirmation page on our website, it confirms that we have certified that specific product or service.

If you’re not sure whether we’ve certified a game, app, or toy, feel free to contact us. You can also check the list of COPPA-compliant products certified under the Kids Seal here.

Not exactly. (The answer also depends on the Seal.)

The General Privacy Certified Seal Requirements reflect the key principles established in many U.S. state privacy laws, regulations, enforcement actions, and guidance. They do not, however, incorporate every specific provision from every state privacy law. A member company’s adherence to the General Seal Requirements signifies a members’ strong commitment to privacy and alignment with key legal obligations but does not guarantee that the member is in formal legal compliance with all provisions of every possible applicable law or in every jurisdiction.

The Privacy Certified Kids Seal is focused on compliance with COPPA, a federal statute, primarily enforced by the FTC. State Attorneys General, however, can also enforce COPPA. Many state privacy laws incorporate COPPA’s provisions into their children’s privacy requirements, whether as part of comprehensive privacy legislation or standalone children’s privacy laws.

If you have a privacy-related complaint or question, please contact us by clicking here. We will work with you and our member company to reach an appropriate resolution.