With the rise of free-to-play (F2P) games, the profitability of video-gaming
apps critically depends on the ability of developers to acquire, retain,
and monetize large numbers of players. In this context, most game
designers have no viable alternative than massively collecting players'
personal data and monitoring their behavior to target them with
personalized advertising and in-game purchases. Given the risks
associated with such data practices, players, in particular children,
need to be aware that a video game might compromise their privacy. Game
designers should therefore ensure that players receive appropriate
information about the data practices associated with their games. This
might, however, be challenging, especially when the game is directed at
children, given the complexity of privacy information and the limited
literacy capacities of children and their parents. To answer game
designers' need for comprehensive guidance regarding the communication
of privacy information to children, we provide a survey of the
age-appropriate information design strategies which been recommended by
data protection authorities, children protection organizations and the
relevant scientific literature. On this occasion, we also refer to
illustrative examples of designs which can be considered good practices.
Finally, by using an "evaluation matrix", we reviewed and assessed the
implementation of those design strategies in nine F2P mobile games
committed to following Google Play's Families Policies. Our findings
show that, despite being child-oriented, the reviewed games largely fail
at communicating privacy information in an age-appropriate way.