FTC: "The Kids App Ecosystem Needs To Wake Up..."
Today, the FTC released a report titled Mobile Apps for Kids: Current Privacy Disclosures Are Dis appointing. The FTC surveyed apps for children available in the Android Market and the Apple App store. The FTC found that apps can capture a bunch of information from a device and person, but there is a lack of information about data collection and usage available to parents prior to downloading the app. The FTC notes that its methodology for the survey did not include downloading or using any app. Instead, the FTC only looked to what information was available to the consumer via the app store or the developer’s web site prior to downloading the app.
"In most instances, staff was unable to determine from the information on the app store page or the developer's landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who . . . obtained access to such data."
The report calls upon all members of the “kids app ecosystem” to play an active role in providing information to parents. App developers should describe their data practices to consumers using simple and short disclosures or icons. App stores should ensure that app developers have a way to make such disclosures (the FTC suggests that there should be some standardization created by the app store itself to allow for the disclosures). And third parties that collect user information through apps should disclose their privacy practices via a link on the app promotion page or within the app developer’s disclosures.
The FTC says that an app’s privacy disclosures should concentrate on:
• What information the app collects and why;
• How the information will be used;
• With whom the information will be shared;
• If the app integrates with a social network; and
• If the app allows targeted advertising to occur through the app.
The report also indicates that there should be a disclosure indicating if the app includes advertising (even if the advertising is not targeted based on the user’s information).
The FTC does note that the Android Marketplace requires a user to acknowledge certain potentially sensitive capabilities of an app via a permissions screen. However, the FTC says that the permissions screen is not good enough because it does not explain why an app has or needs the access, what the app does with that access or whether the app shares any information with third parties.
The FTC was careful to state that the survey and report did not focus on compliance with the Children’s Online Privacy Protection Act (COPPA). However, the report does conclude that most of the apps surveyed did appear to be “directed to children” within the meaning of COPPA. In fact, the report goes on to say that the staff will conduct an additional review over the next 6 months to determine if some mobile apps are violating COPPA and to evaluate if the app ecosystem is addressing the report released today. In addition, the FTC is going to host a workshop this year in connection with its updates to its “Dot Com Disclosure” guide and one of the topics will be mobile privacy disclosures.