On December 10, 2012, the Federal Trade Commission (the “FTC”) issued its second annual report examining the disclosures and information collection practices in kids’ apps. The FTC Staff aimed to determine whether the parents were able to make informed decisions about whether or not to download an app for their kids based on the privacy collection practices used by the app. The short answer is that for the most part, presently parents cannot make such informed decisions. The FTC Staff examined 400 kids’ apps from the Apple and Google Play app stores. The results were alarming. In particular, the survey found that:
- Only 20% of the apps reviewed disclosed any information about the apps’ privacy practices;
- Almost 60% of the apps transmitted ID number from the user’s device back to the developers, or more commonly, an advertising network, an analytics company or another party (and 14 of those apps also transmitted geolocation and/or phone number);
- A small number of third parties receive information from many apps, which means that they can potentially develop children’s profiles based on their behavior in different apps;
- 58% of apps contained interactive features, such as links to social media or advertising, without first disclosing it to the parents (58% of the apps contained advertising within the app, but only 15% disclosed it to the parents prior to the download; 22% of the apps contained links to social media, but only 9% disclosed this fact prior to the download; 17% of the apps provided ability for kids to purchase virtual goods for $0.99 to $29.99).
COPPA’s purpose is to safeguard personally identifiable information of children under the age of 13. According to the Act, if apps developers collect, use and/or disclose personal information of children under the age of 13, they must (1) disclose a privacy policy; (2) provide notice to parents about their information collection practices and, with some exceptions, get verifiable parental consent before collecting personal information from children; (3) give parents the choice to consent to the collection and use of a child’s personal information; (4) not condition a child’s participation in the app on the disclosure of more personal information than is reasonably necessary for the activity; and (5) maintain the confidentiality, security and integrity of the personal information collected from children.
The survey makes it clear that the FTC should significantly step up its enforcement efforts against those apps developers that fail to comply with COPPA. In fact, the survey announced that the FTC is launching multiple investigations to determine whether certain apps developers have violated COPPA or engaged in unfair or deceptive trade practices in violation of the FTC Act. Further, the survey shows that COPPA and the current regulations related to COPPA need to be amended soon. The currently proposed amendments seek to expand the definition of personally identifiable information that may be collected from children only upon disclosure and parental consent. The proposed definition includes photos, voice recordings, unique mobile device serial numbers, as well as the geolocation of the mobile device, – information that was not considered as personally identifiable or not considered at all back in 1998, when COPPA was adopted.