fbpx

Privacy Certified Seals

Privacy Certified is a third-party privacy compliance and certification program operated by the Entertainment Software Rating Board. Companies can voluntarily join Privacy Certified to have the opportunity to submit their websites, mobile applications and other online services to us for certification under either our (i) ESRB Privacy Certified Seal Requirements (the “EPC Seal Requirements”), or (ii) ESRB Privacy Certified Kids Seal Requirements (the “Kids Seal Requirements”). The EPC Seal Requirements and the Kids Seal Requirements are intended for online services that target different audiences. Specifically, the Kids Seal Requirements are intended for online services with a younger audience and, as a result, are more demanding.

Privacy Certified Seals

Click a seal below to learn more about requirements.

To learn more about the EPC Seal Requirements, please click
To learn more about the Kids Seal Requirements, please click

EPC Seal Requirements

To what types of online services do the EPC Seal Requirements apply?

The EPC Seal Requirements apply to websites, mobile apps and other online services, including connected products (for example, a toy that connects to an app), that are intended for a general or mature audience. If an online service displays our EPC Seal, it means we have certified it for compliance with the EPC Seal Requirements. (Please see below for information about our Kids Seal.)

Can any online service display the EPC Seal?

No. To be approved to display the EPC Seal, the operator of the online service must first become a member of Privacy Certified, which includes a contractual agreement and an annual membership fee.

The member-operator must then submit the online service for certification. We conduct an initial, up-front privacy assessment of all online services submitted to us for certification to ensure they comply with the applicable program requirements. Upon the resolution of all compliance issues we identify during our initial assessment, the online service is approved to utilize the applicable Privacy Certified seal.

Do you conduct any privacy reviews after the initial assessment?

Yes. Once an online service has been certified and approved to utilize the EPC Seal, we monitor it so long as the operator is a member of Privacy Certified. As part of our monitoring efforts, we conduct bi-annual reviews of the online service. We also conduct reviews when we are notified of changes to the online service that could impact its data collection and use practices. And, at times, we perform random spot checks.

What requirements must the online service meet to utilize the EPC Seal?

The primary objectives of the EPC Seal Requirements are to ensure you are well-informed about the online service’s data collection and use practices, as well as your rights with respect to that data. With that in mind, the online service must provide access to a public-facing privacy statement, which must disclose, among other things:

  • The personal information and data collected through the online service;
  • How the information is used;
  • Whether it is shared or disclosed and, if so, how;
  • What privacy rights you have, for example, if you have the right to access your personal information and data or have it deleted and, if so, how you may exercise those rights;
  • How your information is kept secure and what happens in the event of a breach;
  • How you are notified of changes to the privacy statement; and
  • How you can contact the operator or us if you have a privacy-related question or complaint.

We review the online service to ensure these privacy disclosures are accurate.
In addition, the operator must agree to maintain reasonable procedures to protect the confidentiality, security and integrity of your personal information and data.

Does the EPC Seal mean the online service complies with my state’s privacy laws?

Not necessarily. While we stay abreast of the latest privacy laws, regulations and guidance, we do not necessarily incorporate all of them into the EPC Seal Requirements.

If I see an EPC Seal on an online service does that mean all online services by that operator are certified?

Not necessarily. In some cases, operators submit all their online services to us for review and certification. Ultimately, however, we certify online services not operators. An operator may choose to submit some, but not all its online services to us for review and certification.

If you see the EPC Seal on an online service, for example, in the footer of a website or in the settings menu of a mobile app, and that EPC Seal links back to a member confirmation page on our website, it signifies we have certified that specific online service.

If you ever have a question about whether a online Service is certified by us, please don’t hesitate to reach out to us and ask.

What if I have a complaint about the online service?

If you have a privacy-related complaint or question, please contact us by clicking here.

Kids Seal Requirements

To what types of online services do the Kids Seal Requirements apply?

The Kids Seal Requirements apply to websites, mobile apps and other online services, including connected products (for example, a toy that connects to an app), that are for children under thirteen (13) years old (“Children” or individually, a “Child”) or that the operator has actual knowledge collects or maintains personal information and data from Children. If an online service displays our Kids Seal, it means we have certified it for compliance with the Kids Seal Requirements. (Please see above for information about our EPC Seal.)

Can any online service display the Kids Seal?

No. To be approved to display our Kids Seal, the operator of the online service must first become a member of Privacy Certified, which includes a contractual agreement and an annual membership fee.

The member-operator must then submit the online service for certification. We conduct an initial, up-front privacy assessment of all online services submitted to us for certification to ensure they comply with the applicable program requirements. Upon the resolution of all compliance issues we identify during our initial assessment, the online service is approved to utilize the applicable Privacy Certified seal.

Do you conduct any privacy reviews after the initial assessment?

Yes. Once an online service has been certified and approved to utilize the Kids Seal, we monitor it so long as the operator is a member of Privacy Certified. As part of our monitoring efforts, we conduct bi-annual reviews of the online service. We also conduct reviews when we are notified of changes to the online service that could impact its data collection and use practices. And, at times, we perform random spot checks.

What requirements must the online service meet to utilize the Kids Seal?

First and foremost, the Kids Seal Requirements are intended to ensure the online service complies with the Children’s Online Privacy Protection Act (“COPPA”) and the regulations and guidance from the Federal Trade Commission. With that in mind, the online service must provide access to a public-facing privacy statement, which must disclose, among other things:

  • The personal information and data collected through the online service;
  • How the information is used;
  • Whether it is shared or disclosed and, if so, how;
  • How parents and guardians can exercise their rights, including the rights to access, review, correct, delete, and prevent the disclosure of their Child’s personal information and data to third parties;
  • How the personal information and data is kept secure and what happens in the event of a breach;
  • How you are notified of changes to the privacy statement; and
  • How you can contact the operator or us if you have a privacy-related question or complaint.

Because the online service is directed to Children, there are restrictions placed on the collection and use of personal information and data. Specifically, unless an exception applies, the online service may only collect personal information and data from a Child if it provides direct notice to and obtains verifiable consent from a parent or guardian. The most common exceptions are for the use of certain personal information to support the online service’s operations and to respond to communications from Children. The Kids Seal Requirements require members to abide by these requirements, and we perform our reviews to ensure it. (Please note these restrictions do not apply to information parents provide about their Children.)
In addition, operators agree:

  • To work with us to resolve your privacy complaints and questions;
  • To maintain reasonable procedures to protect the confidentiality, security and integrity of your personal information and data; and
  • Not to collect personal information and data unless it is necessary and being utilized.
Does the Kids Seal mean the online service complies with my state’s privacy laws?

Not necessarily. While we stay abreast of the latest privacy laws, regulations and guidance, we do not necessarily incorporate all of them into the Kids Seal Requirements. That said, the Kids Seal does mean the online service complies with COPPA, which is the federal law in the U.S. that governs the collection and use of personal information collected from Children online.

If I see a Kids Seal on an online service does that mean all online services by that operator are certified?

Not necessarily. In some cases, operators submit all their online services to us for review and certification. Ultimately, however, we certify online services not operators. An operator may choose to submit some, but not all its online services to us for review and certification. Moreover, the operator may submit some online services that are certified under the Kids Seal Requirements, but other services that are certified under the EPC Seal Requirements.

If you see the Kids Seal on an online service, for example, in the footer of a website or in the settings menu of a mobile app, and that Kids Seal links back to a member confirmation page on our website, it signifies we have certified that online service for compliance with our Kids Seal Requirements.

If you ever have a question about whether an online service is certified by us, please don’t hesitate to reach out to us and ask.

What if I have a complaint about the online service?

If you have a privacy-related complaint or question, please contact us by clicking here. We will work with you and our member to reach a resolution.

If you have a question about whether an online service is certified by Privacy Certified, have a privacy-related complaint about an online service we certify or you just have a question about us or one of our member’s privacy practices, please contact us by clicking here.