Privacy & Information Security Law Blog

On December 10, 2012, the Federal Trade Commission issued a new report, Mobile Apps for Kids: Disclosures Still Not Making the Grade, which follows up on the FTC’s February 2012 report, Mobile Apps for Kids: Current Privacy Disclosures are Disappointing. The FTC conducted a follow-up survey regarding pre-download mobile app privacy disclosures, and whether those disclosures accurately describe what occurs during use of the apps.

The FTC found that “parents still are not given basic information about the privacy practices and interactive features of mobile apps aimed at kids.” The report elaborated that “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data.” Moreover, the report indicated that many apps marketed to children failed to disclose that information transmitted from a mobile device, such as unique device ID, telephone number and precise geolocation, would be shared with third parties (e.g., data analytics companies). Particularly troubling to the FTC was the fact that numerous app creators use only a handful of data processors, which may allow those processors to aggregate children’s information from multiple apps. Accordingly, the FTC concluded that “despite many high-visibility efforts to increase transparency in the mobile marketplace, little or no progress has been made.”

The FTC outlined four action items to enhance the focus on children’s privacy in the app ecosystem. First, the FTC urged the mobile app industry to design and employ “best practices” to protect privacy. The “best practices” recommended by the FTC are those found in its March 2012 report, Protecting Consumer Privacy in an Era of Rapid Change, and include “(1) incorporating privacy protections into the design of mobile products and services (“privacy by design”); (2) offering parents easy-to-understand choices about the data collection and sharing through kids’ apps; and (3) providing greater transparency about how data is collected, used, and shared through kids’ apps.” Second, the FTC is working on consumer education efforts directed towards parents to enhance their understanding of children’s privacy issues in the mobile app ecosystem. Third, the FTC is initiating “multiple nonpublic investigations” to determine whether particular entities have violated Section 5 of the FTC Act or the Children’s Online Privacy Protection Act. And finally, the FTC will conduct a third survey to determine whether regulatory initiatives have enhanced children’s privacy in the mobile app ecosystem after those initiatives have had an opportunity to develop.