FTC Report Finds Risks to Children's Privacy From the Use of Mobile Apps
Seller Beware: Consumer Protection Insights for Industry
Citing a lack of transparency about the data collection practices of mobile apps used by children, the FTC issued a report last week calling on industry to provide more meaningful disclosures to users prior to download.
The FTC surveyed 400 applications for kids in the Apple App Store and the Android Market to determine what information, if any, about the app's data access, collection, and sharing practices was disclosed prior to download. According to the report, the results were disappointing: in most instances, the application did not inform users if the app collected data, let alone the type of data collected. "Providing clear and accessible information is especially important in the kids app space," according to the report, because the data accessed and collected is likely from a mobile device used by a child, and as such, "could reveal information that a parent may not want shared with unknown third parties, such as a child's precise geolocation or phone number."
Indeed, the FTC's survey revealed that mobile apps can automatically collect from a mobile device a broad range of user information in addition to geolocation and phone number, including the user's list of contacts, call logs, unique device identifiers, and other stored information – and can share this information with a numerous recipients. Although these capabilities can be valuable in appropriate circumstances when consumers are aware of them, they pose serious risks to privacy when users – and parents of child users – cannot detect their full functionality. For example, an app can connect a user to other app users to play interactive games, which teens and younger children find compelling and entertaining, but in so doing, the app may collect detailed personal information in a manner parents cannot detect.
According to the report, more than half of the kids' applications in the Android Market covered by the FTC's survey had the ability to access and receive a wide variety of user content while the app was running, but did not adequately inform users of this fact. And while Apple claims to screen apps to safeguard children from inappropriate content and to reject any app that targets minors for data collection, according to the FTC, the details of this screening process are obscure.
To ensure that users are fully informed of the types of data that a kids' mobile app collects and uses, the FTC report calls on all members of the apps ecosystem – the app stores, app developers, and third parties servicing the apps – to provide clear, concise and timely disclosure of the apps' data access and collection practices prior to download. Some recommendations included developing standardized icons to alert users to certain functions or displaying disclosures on icons that can be easily viewed on the small screen of a mobile device.
Although the report does not focus on whether the apps covered by the FTC survey actually collected personal information from children, which may be a violation of the Children's Online Privacy Protection Act (COPPA), the report indicates that that the FTC plans to conduct additional reviews to determine if enforcement action is warranted. Given that the FTC recently settled its first COPPA action against a mobile app developer, and is revisiting its COPPA Rules with an eye towards mobile apps, industry would be wise to heed this warning – particularly because children and teens, like many users, have a seemingly insatiable "app-etite" for mobile content.
© Arnold & Porter Kaye Scholer LLP 2012 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.