Buy vs Build
Thinking of building your own age verification & permission management platform? Consider these four areas carefully before you make a decision.
1. Can you build and maintain a regulatory based solution to protect your young consumers?
- Jurisdictional age gate
Did you know the GDPR has set the age of consent at 16, but member states can choose a younger age down to 13? To be compliant with the GDPR, you will need to factor in building a jurisdictional age gate with multiple verification methods. - Regulations like COPPA, GDPR, CCPA, FERPA, SOPIPA and other student privacy laws can be complicated and will continue to evolve
This requires resources to track the regulations and then translate those into technical requirements for the development team to implement. - Your brand reputation can be severely damaged if you do it wrong
Building your own complaint age verification and permission platform is risky. If strict guidelines are violated, hefty fines may be imposed. Businesses that have been found to be non-compliant have faced major negativity from consumers and the press. No company wants to be part of a negative public story, especially when involving children.
2. Are you getting the best ROI (return of investment) for your effort?
- Identity verification isn't as simple as a credit card
Relying on a limited set of verification methods, like offering just credit card, may impact drop-off during the signup and consent process. Many companies choose just one method because of the complexity and access to other methods. Case studies show parents prefer to choose other methods over credit card. Multiple identification methods are necessary for reliable and easy verification that is usable for all consumers - Integration with an existing platform is a different process than developing a new application
Integration usually involves API implementations. That skill set can be very different than designing and building an application customized to a particular set of tasks that other external resources may do better because of their knowledge and experience, having already developed a comparable platform. - Time
It’s faster to market if you integrate with an already built platform and minimal domain expertise investment is involved. - Expert on Staff
You will need to have an expert to help you with your flows to make sure they are compliant. - Scalability & Interoperability
You will want an interoperable platform that can easily scale. Interoperability testing is difficult and time consuming. - Keeping it Updated
Whatever you build, you will need to invest in continued research and development to keep up with market expectations and competitors.
3. What does it really cost?
- The hidden costs will overwhelm the development process
Although the internal solution may be perceived to be the least expensive alternative, this is not always the case, especially if the total cost of development and maintenance is included. Your business would be creating a new product, not a feature to an existing product. This may become costly not only financially, but with time as well. This is not just about counting IT people costs. Total cost accounting will develop an honest picture of what it takes to develop internally versus integrating with an outside solution. - Buying versus developing may be a cost avoidance
What additional specialty resources are needed to implement regulatory based software? Does the legal team need additional expertise? Does the IT team need resources that are more aware, knowledgeable and attuned to regulatory or other technical expertise solutions? Will your verification transaction fees be as favorable as the outside solution? Tracking, updating and testing to ensure compliance and fine avoidance is a cost that may not be needed.
4. Do you know the benefits of working with a neutral third party & COPPA Safe Harbor?
- Experience
PRIVO’s team is composed of online privacy, safety, youth and media experts, who have first-hand experience with the regulatory challenges facing the industry. As a result, PRIVO developed solutions and best practices to overcome those hurdles and is continually working on improving messaging and tactics for obtaining parental consent. - New Parental Consent Methods
As an FTC approved COPPA Safe Harbor, PRIVO can approve new methods of parental consent under COPPA and can work with your company on next-generation user experiences. - Legal Neutrality
Under the GDPR, a neutral 3rd party can collect and store for your organization which supports requirements for data minimization and security.
The buy vs build question is always a difficult question to answer and it’s far too easy to make the wrong choice. If your company has an in-house development team, there may be the push to build because they can supposedly satisfy all needs. However, from our experience, building your own registration, consent and identity verification platform is not as easy as it may appear, nor as cost effective in the long run. Working with PRIVO will get you faster to market, whether you are using PRIVO's APIs and SDKs or leverage PRIVO's widgets in the PRIVO domain and will require minimal domain expertise investment.