By Megan L. Rodgers
What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues.
The FTC recently released a follow-up report on privacy notices in mobile apps directed at kids. The report follows two FTC kids’ app surveys released in February 2012 and December 2012, and a campaign by the FTC to bring all apps in compliance with the revised COPPA Rule by July 1, 2013.
How did mobile apps directed at children fare? The results were mixed. The FTC looked at hundreds of mobile apps and noted that there has been “a step in the right direction” since their last survey, but the FTC was careful to point out that “there’s more work to be done.” In December 2012, only 20% of apps had a link to a privacy policy available to parents before downloading the app; today, the number of apps with direct links to a privacy policy is 45%. Although this is an improvement, the FTC said that for many kids’ apps, parents still do not have an easy way to learn about data collection and usage practices.
The FTC suggested that improved privacy practices may be attributable to one or more factors, including the revised COPPA Rule that widened the definition of children’s personal information, a 2012 agreement between the California Attorney General and major mobile platform providers to display privacy policies, and the fact that many mobile app platforms now provide specific space on their app promotion pages for privacy disclosures.
The FTC also cautioned that for disclosures to have any value, the disclosures must be accurate, and said that the FTC will address that point next.
Regulators in the U.K. recently announced findings from a similar review of websites directed at children. The U.K.’s data protection agency, the Information Commissioner’s Office (ICO), reviewed nearly 1,500 websites it believed to be popular with young people.[1]
The conclusion—the results were “concerning.” The review took issue with the privacy practices of 41% of the examined websites. The ICO noted that less than a third of websites had “effective control” of the information collected from children and said that the most common problem for U.K.-based websites was a failure to adequately explain how collected information would be used.
The ICO announced that it will send letters to websites and apps that caused it concern and cautioned that it “wouldn’t rule out enforcement action in this area if required.”
[1] Research for both the ICO and the FTC surveys was coordinated by the Global Privacy Enforcement Network.