The Federal Trade Commission released today its second report on mobile apps directed to children. The report, which follows up on an analysis that staff conducted in February 2012, examined the privacy disclosures of hundreds of kid-directed mobile apps and tested the apps’ practices against these disclosures to determine if the disclosures were accurate and complete.
Staff found the results of the second report “disappointing,” concluding that many apps do not contain privacy disclosures that fully explain how the app collects, uses, and discloses children’s data. Among other things, the report focused on disclosures related to advertising, links to social media, and in-app purchases.
Announcing the release of the report, Jessica Rich, Associate Director, FTC Division of Financial Practices, expressed concern that a number of the apps disclosed device identifiers to third parties, including ad networks and analytics companies. She emphasized that the staff made no findings about how these third parties used the device identifiers, but noted that the FTC’s proposed revisions to the Children’s Online Privacy Protection Act (COPPA) Rule would treat this information as “personal information” for purposes of COPPA, unless the data is used to support internal operations. (Ms. Rich declined to comment on the timing of the release of a final COPPA Rule; other FTC staff previously have suggested the final Rule might come in the next few weeks or early next year.)
Ms. Rich also stated that the Commission is investigating whether the apps violate laws such as COPPA or Section 5 of the FTC Act. At the same time, she emphasized that the issues raised in the second report are widespread and that the report is focused on identifying industry best practices. She encouraged industry to accelerate self-regulatory efforts to improve mobile app disclosures. In particular, she applauded recent efforts to develop icons and similar mechanisms to shorten privacy policies for mobile apps.