FTC investigates mobile apps makers on children’s privacy
SAN FRANCISCO — Parents often hand over their smartphones and tablet computers to keep their kids entertained.
But most parents are unaware the mobile apps and games that delight their kids are secretly collecting personal information they then share with marketers and other third parties. Now federal regulators are investigating whether mobile apps makers, in transmitting this data without parents’ knowledge or consent, have violated laws that protect children’s privacy.
The Federal Trade Commission declined to name or say how many mobile apps makers it’s probing. But the agency warned developers to clean up their privacy practices and called on Apple and Google — which run the stores where many of the popular apps are sold — to step up their game too.
“Our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents,” FTC Chairman Jon Leibowitz said in a statement. “All the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job.”
A report the agency released Monday found that the vast majority of such apps don’t notify parents or get their consent before collecting personal information, which can include a child’s location or mobile device number.
Quiz: What set the Internet on fire in 2012?
The FTC said 6 out of 10 apps it tested on iTunes and Google Play shared data about a user’s mobile device with other apps developers and third parties.
Apple did not respond to a request for comment. Google said it was reviewing the FTC report.
The Assn. for Competitive Technology, which represents thousands of developers, said mobile apps developers are often young, inexperienced and unaware of their legal obligations. The group has held workshops to train developers on privacy issues.
“This report reminds us how important it is for the industry to focus attention on educating developers on privacy best practices,” the organization’s executive director, Morgan Reed, said in a statement.
The young industry has quickly become lucrative. Research firm SuperData says kids games are a key part of the market for U.S. mobile games, which it predicts will reach $1.6 billion in revenue this year.
Yet many popular mobile apps still don’t have privacy policies. The threat of enforcement could change that, said privacy lawyer Lisa Sotto.
“If the FTC will be naming names, that is real incentive to issue a fully compliant privacy notice,” said Sotto, a partner with Hunton & Williams in New York. “There is no question that the apps community will pay attention.”
The FTC is considering strengthening the Children’s Online Privacy Protection Act, or COPPA, the 1998 law that requires companies to get the consent of parents before collecting information about kids under 13. The move has met with resistance from app developers, technology and media companies and advertising industry groups.
It’s part of a growing effort to protect children’s — and everyone’s — online privacy. Privacy laws have not kept up with the explosion in use of smartphones and tablets.
State regulators are also cracking down on how this nascent industry handles personal information, extending privacy protections commonplace on the Web to mobile devices.
California Atty. Gen. Kamala Harris has brokered deals with the largest companies running mobile app stores to encourage apps to conspicuously post information on how they collect, use and share consumer data. Last week Harris filed a privacy lawsuit against Delta Air Lines alleging that it failed to include a privacy policy in the app it offers for download in online stores run by Apple, Google and others.
The intensifying scrutiny has begun to alter industry practices. Privacy lawyers say mobile app stores are increasingly exerting pressure on apps to adopt privacy policies.
Kids, who are being exposed to mobile screens at an early age at home and in school, are the most vulnerable, said American University professor Kathryn Montgomery, who advocated for the passage of COPPA.
“In the rapidly growing children’s mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geo-location and use of personal contact data,” Montgomery said. “It is clear that there is an urgent need for the FTC to update its COPPA.”
Regulators are concerned that marketers and others could use personal information such as a young user’s device ID — a string of letters and numbers that identifies a mobile device — to create detailed dossiers on kids’ online activities that include their location. That could prove to be a safety hazard or subject them to intrusive marketing tactics, advocates fear. The FTC is considering categorizing that kind of information as private so that companies would have to get permission from parents before collecting and sharing it.
Some parents say they are alarmed that they don’t know what information is being collected or how or with whom it is being shared.
“It does bother me quite a bit that companies are able to track what kids are doing this way,” said Amy Pittel, 43, a writer and mother of three from Livermore, Calif. “If this is happening without our knowledge or permission, how can we feel that our children are safe?”
