FTC Warns Mobile App Developers About Privacy Practices

By Samuel Castic, J. Bradford Currier, and Lauren B. Pryor

In another example of its recent efforts to step up enforcement on a variety of privacy-related issues, the Federal Trade Commission released a staff report on privacy disclosures for mobile applications used by kids. The report follows a recent FTC enforcement action against a mobile app developer for children and a notice of proposed rulemaking to amend the Children’s Online Privacy Protection Act (“COPPA”). The staff report represents a “warning call” to the app industry to provide parents with easily accessible, basic information about the mobile apps that their children use.

Under COPPA, operators of mobile apps directed at children under the age of 13 must provide notice and obtain parental consent before collecting personal information from children. The report surveyed approximately 1,000 apps designed for children and reviewed the types of privacy disclosures currently available to parents and kids. The FTC found that users frequently received the privacy disclosures only after downloading the app, limiting parents’ ability to “pre-screen” apps for their children. Additionally, the FTC reported that app websites often failed to provide meaningful notice regarding the data collection features of the app such that parents were not informed as to whether the app collecteddata from their children, the type of data collected, the purpose for such collection, and what parties may access such data. The FTC found this lack of disclosure troubling, especially in light of current technologies that allow mobile apps to access a child’s information with the click of a button and to transmit it invisibly to a wide variety of entities. 

In light of these concerns, the report offered four key recommendations:

  • App developers should provide “simple and short” privacy disclosures that are easy to find and understand on a mobile device screen;
  • App developers should “alert parents if the app connects with any social media, or allows targeted advertising to occur through the app”;
  • Third parties obtaining user information through apps should make their privacy policies “easily accessible” through a link on the app promotion page or in the app developer’s disclosures; and
  • Companies that provide platforms for downloading mobile apps should take action to help better protect kids and inform parents (e.g., develop a uniform practice for developers to disclose data collection practices).

The FTC plans to conduct additional reviews over the next six months to determine whether to take enforcement action against app developers that violate COPPA. The FTC also plans to hold a workshop on mobile privacy issues later this year.

Copyright © 2016, K&L Gates LLP. All Rights Reserved.