Children found something in their stockings this Christmas they probably hadn’t asked for and won’t understand very well but surely could use: giftwrapped pleas for greater protection of their privacy on mobile devices from their national guardian in Washington: the Federal Trade Commission (FTC).
In its second report of the year on the subject, the FTC released, “Mobile Apps for Kids: Disclosures Still Not Making the Grade” in December. Based on a broad survey of kids’ apps, the report found a continuing, discouraging and dispiriting gap between the actual privacy practices of children’s apps and the disclosure of those practices to parents.
A principle of online privacy protection of children, enunciated in the Children’s Online Privacy Protection Act of 1998 (COPPA) and the FTC’s COPPA Rule issued under the Act (and, not coincidentally, also strengthened last month), is preservation of parents’ rights to control the personal information that websites and online services, including mobile apps, collect, use and share on their kids. According to the FTC report, mobile apps are still failing to give parents the information they need to determine what data is being collected from their children, how it’s being shared, or who will have access to it.
In addition, more and more are including interactive features – such as connecting to social media – and providing information to third parties like ad networks, without telling parents about it. Those companies use the information (like geolocation, device ID, or even phone number) gathered from multiple apps to develop detailed profiles of a child’s online behavior that can then be used to send product pitches – all without the child’s parents having the slightest clue.
Illustrative of the problem, the FTC survey found that:
- Only 20 percent of the children’s apps disclosed any information about their privacy practices
- Nearly 60 percent of the apps are sending information from the device to the app developer or a third party
- Nearly 60 percent had advertising within the app, with only 15 percent disclosing it prior to download
- More than 20 percent had links to social networks, with less than 10 percent disclosing it
- Nearly 20 percent allow for in-app purchases, with inadequate disclosure of that fact
Using whatever “bully pulpit” it has, the FTC exhorted all the key players in the mobile app industry – app stores, app developers, ad networks, etc. – to step up their game in helping parents control their kids’ access to and use of mobile apps. The key to effective parental control is better and timelier (before download) disclosure of the apps’ privacy practices, including offering simple, understandable choices about permitted data collection and sharing and greater transparency about how data is collected, used and shared.
In case jawboning isn’t enough, the FTC also let it be known that it has launched multiple law enforcement investigations of mobile app entities for possible COPPA violations. Following on the heels of its first COPPA enforcement action against a mobile app developer and its strengthening of the COPPA Rule, this announcement is further evidence of the growing FTC risk facing mobile app developers and companies who don’t take seriously enough their legal (and moral) obligation to protect the privacy of children.