The Federal Trade Commission issued its second staff report on mobile apps directed to children, stating that parents are not being provided with information about what data an app collects, who will have access to that data, and how it will be used. The FTC warned in the new report that it is launching multiple investigations to determine whether certain entities in the mobile app marketplace have violated the Children's Online Privacy Protection Act (COPPA), or engaged in unfair or deceptive trade practices in violation of the FTC Act.
According to the FTC, little progress has been made in addressing the privacy concerns the Commission raised in its first report on kids' apps released in February 2012. The new report is based on a survey conducted by FTC staff during the summer of 2012. FTC staff searched for kids' apps in the Google Play and Apple App stores and randomly selected 200 apps from each store. They examined disclosures and links on each app's promotion page in the app store, on the app developer's website, and within the app. Staff members also downloaded all 400 apps and used them to determine whether the apps contained certain interactive features (advertising, the ability to make in-app purchases, and links to social media) and whether they collected or transmitted any information from the mobile devices they were tested on.
Overall, FTC staff found that a majority of the apps surveyed collected or transmitted information from the mobile device. Nearly 60% of the apps transmitted device ID to the developer or, more commonly, an advertising network, analytics company, or other third party, and 14 of the apps that transmitted device ID also transmitted geolocation and/or phone number.
The survey revealed that only 20% of the apps that the FTC staff reviewed disclosed any information about the app's privacy practices. "The survey results described in this report paint a disappointing picture of the privacy protections provided by apps for children. . . . It is clear that more needs to be done in order to provide parents with greater transparency in the mobile app marketplace."
In addition to launching investigations, the FTC intends to issue consumer education directed to parents to help them navigate the mobile app marketplace and avoid apps that fail to provide adequate disclosures about how children's information will be used.
The FTC is also expected to publish a final version of its revised COPPA Rule. The proposed revisions would broaden the definition of "personal information," "operator," and "website or online service directed to children." The FTC's COPPA Rule requires, among other things, that online services and websites directed to children disclose their privacy practices and obtain verifiable parental consent before collecting personal information from children.
Another government agency is also addressing mobile privacy: the National Telecommunications and Information Agency (NTIA) is holding another meeting for stakeholders on December 17 to discuss its draft of a Mobile Application Transparency Code of Conduct.
And the 113th Congress will begin its legislative session on January 3, 2013, so we expect to see some of the mobile privacy bills from the last year re-introduced in 2013.