The Federal Trade Commission (FTC) recently released a report detailing its review of the privacy information provided to individuals that download mobile apps targeted to children. The report, “Mobile Apps for Kids: Current Privacy Disclosures are Dis app ointing” (aka, the “Privacy Report”), shows that many app developers are not providing parents with relevant information required for those parents to assess what type of data the apps collect and share from users. In the wake of this report, and in response to a call by the California Attorney General, several app stores and developers have agreed to take more steps to improve the information provided to consumers about how their personal information is being used by app developers when they download mobile apps.

The FTC is the federal agency responsible for enforcing the Children’s Online Privacy Protection Act (COPPA) and focused its research around children. In its Privacy Report, the FTC sampled several hundred apps that were targeted to children by searching the Apple App Store and the Android Market for apps that were returned when they searched for the term “kids.” The apps were not downloaded or tested. Instead, the FTC attempted to determine what information it could acquire from the app stores or from the developers’ websites prior to downloading the actual apps. The FTC determined that information provided after downloading the application is less useful as it is provided after the parent has been charged and, perhaps, also after the child has started using the app. After reviewing the apps, the FTC noted that more disclosures are needed prior to download and that it will be conducting additional reviews over the coming months to determine if there are violations of COPPA and will begin enforcement proceedings, where appropriate.

Meanwhile, in California, the California Attorney General contacted app developers to discuss the need for better privacy disclosures in the mobile app arena without a specific focus on children or any other demographic. The discussions resulted in a non-binding agreement between the California Attorney General and six app companies whose services make up a majority of the mobile app market, including Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion. The agreement is meant to set forth privacy principles and does not affect existing law, which already imposes requirements for commercial websites in California to post privacy policies. Under the agreement, the app companies have agreed to do the following:

  • Update their application processes for new and updated apps so that they provide either (a) an “ optional data field for a hyperlink to the app’s privacy policy” or (b) an “ optional data field for the text of the app’s privacy policy or statement describing the app’s privacy practices.” The app companies will take steps to ensure that those hyperlinks are enabled.
  • Provide a way for consumers to report companies that do not comply with the terms of service and a process to respond to those complaints.
  • Follow up with the California Attorney General in six months to evaluate privacy considerations as they relate to mobile technologies.

The recent activities of the FTC and the California Attorney General reinforce the fact that mobile app developers and companies must be careful to comply with privacy regulations—just as companies that target their services to consumers using desktop computers. While the size of the screen on mobile devices often presents a challenge for app developers and commercial websites that want to provide information to app users, this challenge must be addressed head on to ensure that consumers have necessary information regarding how personal information is collected, used, and shared. And, under California law, the privacy policy must also provide consumers with information about how to review and make changes to information that is stored about them.