Privacy Certified Seals
Privacy Certified is a third-party privacy compliance and certification program operated by the Entertainment Software Rating Board. Companies can voluntarily join Privacy Certified to have the opportunity to submit their websites, mobile applications and other online services to us for certification under either our (i) ESRB Privacy Certified Seal Requirements (the “EPC Seal Requirements”), or (ii) ESRB Privacy Certified Kids Seal Requirements (the “Kids Seal Requirements”). The EPC Seal Requirements and the Kids Seal Requirements are intended for online services that target different audiences. Specifically, the Kids Seal Requirements are intended for online services with a younger audience and, as a result, are more demanding.
EPC Seal Requirements
The EPC Seal Requirements apply to websites, mobile apps and other online services, including connected products (for example, a toy that connects to an app), that are intended for a general or mature audience. If an online service displays our EPC Seal, it means we have certified it for compliance with the EPC Seal Requirements. (Please see below for information about our Kids Seal.)
No. To be approved to display the EPC Seal, the operator of the online service must first become a member of Privacy Certified, which includes a contractual agreement and an annual membership fee.
The member-operator must then submit the online service for certification. We conduct an initial, up-front privacy assessment of all online services submitted to us for certification to ensure they comply with the applicable program requirements. Upon the resolution of all compliance issues we identify during our initial assessment, the online service is approved to utilize the applicable Privacy Certified seal.
Yes. Once an online service has been certified and approved to utilize the EPC Seal, we monitor it so long as the operator is a member of Privacy Certified. As part of our monitoring efforts, we conduct bi-annual reviews of the online service. We also conduct reviews when we are notified of changes to the online service that could impact its data collection and use practices. And, at times, we perform random spot checks.
The primary objectives of the EPC Seal Requirements are to ensure you are well-informed about the online service’s data collection and use practices, as well as your rights with respect to that data. With that in mind, the online service must provide access to a public-facing privacy statement, which must disclose, among other things:
- The personal information and data collected through the online service;
- How the information is used;
- Whether it is shared or disclosed and, if so, how;
- What privacy rights you have, for example, if you have the right to access your personal information and data or have it deleted and, if so, how you may exercise those rights;
- How your information is kept secure and what happens in the event of a breach;
- How you are notified of changes to the privacy statement; and
- How you can contact the operator or us if you have a privacy-related question or complaint.
We review the online service to ensure these privacy disclosures are accurate.
In addition, the operator must agree to maintain reasonable procedures to protect the confidentiality, security and integrity of your personal information and data.
Not necessarily. While we stay abreast of the latest privacy laws, regulations and guidance, we do not necessarily incorporate all of them into the EPC Seal Requirements.
Not necessarily. In some cases, operators submit all their online services to us for review and certification. Ultimately, however, we certify online services not operators. An operator may choose to submit some, but not all its online services to us for review and certification.
If you see the EPC Seal on an online service, for example, in the footer of a website or in the settings menu of a mobile app, and that EPC Seal links back to a member confirmation page on our website, it signifies we have certified that specific online service.
If you ever have a question about whether a online Service is certified by us, please don’t hesitate to reach out to us and ask.
If you have a privacy-related complaint or question, please contact us by clicking here.
Kids Seal Requirements
The Kids Seal Requirements apply to websites, mobile apps and other online services, including connected products (for example, a toy that connects to an app), that are for children under thirteen (13) years old (“Children” or individually, a “Child”) or that the operator has actual knowledge collects or maintains personal information and data from Children. If an online service displays our Kids Seal, it means we have certified it for compliance with the Kids Seal Requirements. (Please see above for information about our EPC Seal.)
No. To be approved to display our Kids Seal, the operator of the online service must first become a member of Privacy Certified, which includes a contractual agreement and an annual membership fee.
The member-operator must then submit the online service for certification. We conduct an initial, up-front privacy assessment of all online services submitted to us for certification to ensure they comply with the applicable program requirements. Upon the resolution of all compliance issues we identify during our initial assessment, the online service is approved to utilize the applicable Privacy Certified seal.
Yes. Once an online service has been certified and approved to utilize the Kids Seal, we monitor it so long as the operator is a member of Privacy Certified. As part of our monitoring efforts, we conduct bi-annual reviews of the online service. We also conduct reviews when we are notified of changes to the online service that could impact its data collection and use practices. And, at times, we perform random spot checks.
First and foremost, the Kids Seal Requirements are intended to ensure the online service complies with the Children’s Online Privacy Protection Act (“COPPA”) and the regulations and guidance from the Federal Trade Commission. With that in mind, the online service must provide access to a public-facing privacy statement, which must disclose, among other things:
- The personal information and data collected through the online service;
- How the information is used;
- Whether it is shared or disclosed and, if so, how;
- How parents and guardians can exercise their rights, including the rights to access, review, correct, delete, and prevent the disclosure of their Child’s personal information and data to third parties;
- How the personal information and data is kept secure and what happens in the event of a breach;
- How you are notified of changes to the privacy statement; and
- How you can contact the operator or us if you have a privacy-related question or complaint.
Because the online service is directed to Children, there are restrictions placed on the collection and use of personal information and data. Specifically, unless an exception applies, the online service may only collect personal information and data from a Child if it provides direct notice to and obtains verifiable consent from a parent or guardian. The most common exceptions are for the use of certain personal information to support the online service’s operations and to respond to communications from Children. The Kids Seal Requirements require members to abide by these requirements, and we perform our reviews to ensure it. (Please note these restrictions do not apply to information parents provide about their Children.)
In addition, operators agree:
- To work with us to resolve your privacy complaints and questions;
- To maintain reasonable procedures to protect the confidentiality, security and integrity of your personal information and data; and
- Not to collect personal information and data unless it is necessary and being utilized.
Not necessarily. While we stay abreast of the latest privacy laws, regulations and guidance, we do not necessarily incorporate all of them into the Kids Seal Requirements. That said, the Kids Seal does mean the online service complies with COPPA, which is the federal law in the U.S. that governs the collection and use of personal information collected from Children online.
Not necessarily. In some cases, operators submit all their online services to us for review and certification. Ultimately, however, we certify online services not operators. An operator may choose to submit some, but not all its online services to us for review and certification. Moreover, the operator may submit some online services that are certified under the Kids Seal Requirements, but other services that are certified under the EPC Seal Requirements.
If you see the Kids Seal on an online service, for example, in the footer of a website or in the settings menu of a mobile app, and that Kids Seal links back to a member confirmation page on our website, it signifies we have certified that online service for compliance with our Kids Seal Requirements.
If you ever have a question about whether an online service is certified by us, please don’t hesitate to reach out to us and ask.
If you have a privacy-related complaint or question, please contact us by clicking here. We will work with you and our member to reach a resolution.