FTC Investigating Mobile App Companies Over Kids' Data Collection

The Federal Trade Commission said Monday that it is
launching investigations of companies employing kids' mobile apps to see if
their policies have violated the FTC Act's prohibitions on unfair and deceptive
practices or the Children's Online Privacy Protection Act (COPPA).

Jessica Rich, associate director, FTC Division of Financial
Practices, would not say which companies those were, or how many.

The announcement of the investigations came in a press
conference announcing the results of a second FTC survey that found that app
stores and creators were not providing sufficient information and notice about
what information the apps were collecting, how it was being used, and with whom
it was being shared. That included interactive elements that allowed kids' info
to be shared or offered them products to buy.

The survey prompted the follow-up investigations to see if
any of the practices uncovered in the study actually violated any laws and
required enforcement actions.

"The results of the survey are disappointing," the
report concludes. "Industry appears to have made little or no progress in
improving its disclosures since the first kids' app survey was conducted, and
the new survey confirms that undisclosed sharing is occurring on a frequent
basis."

Rich said the report should light a fire under app
developers and stores' efforts to provide more and better info. That includes
the multistakeholder meetings involving FTC, the National Telecommunications &
Information Administration and industry are holding to try and come up with
voluntary codes of mobile app privacy conduct per an administration initiative
to establish a privacy bill of rights.

The FTC report was a follow-up to a February report
that was similarly critical, and Rich suggested it showed no improvement. She
said the FTC was planning a third report and said the second report should
"light a fire" under the industry to do a better job of informing
parents before the third report was conducted.

Asked whether any actual harm had resulted from the app
practices identified in the report, Rich said that kids received ads that was
not disclosed to parents, "which many parents don't like," and added
there was "potential" for "great privacy concerns." Among
those were the sharing of phone numbers, geolocation information and device IDs,
all of which could be used to build extensive online profiles.

The FTC is expected soon to adopt changes to its enforcement
of COPPA that would include geolocation and personal identifiers as covered
under the act.

The study was based on a random selection of 200 apps from a
list of the top 480 apps from each of the two app stores, Apple and Google Play
(formerly Android).

Among the findings in the study, tabbed "Mobile
Apps for Kids: Disclosures Still Not Making the Grade"
:

Nearly 60% of the apps transmitted device IDs to the app
developer, ad networks, analytics firms or other third parties.
Only a fifth of the apps disclosed any information on their privacy practices.
58% of the apps contained advertising, while only 15% indicated that would be
the case before download.
22% of the apps had links to social networks, while only 9% disclosed that
fact.
17% contained ability to purchase virtual goods at prices up to $30.
"Although both stores provided certain indicators when an app contains
in-app purchasing capabilities," the study found, "these indicators
are not always prominent and, even if noticed, may be hard for many parents to
understand."

"This report reveals widespread disregard for
children's privacy rules," said American University professor Kathryn
Montgomery, who was instrumental in original children's online privacy
protection legislation. "In the rapidly growing children's mobile market,
companies are seizing on new ways to target children, unleashing a growing
arsenal of interactive techniques, including geo-location and use of personal
contact data.  It is clear that there is an urgent need for the FTC to
update its COPPA regulations and to engage in ongoing enforcement."

CTIA: The Wireless Association suggested that there were
privacy policies out there to be reviewed by parents and kids.

"While we have not had sufficient time to review the entire
FTC report, CTIA reaffirms its members' commitment to honoring and respecting
consumers' privacy and offering them a variety of safeguards. Those include
numerous built-in security features and the ability to better understand how to
manage their information that's shared through wireless devices and services.

"As the wireless industry remains dedicated to ensuring
users' privacy, it's important that wireless users, especially parents and
children, talk with each other about how wireless devices are being used, what
information is being accessed on them and to make themselves aware of the
privacy policies made available by wireless service providers, social networks
and apps. Families should also create appropriate rules for children's use of wireless
devices and services. Our website, GrowingWireless.com, can be a helpful
resource for parents and children to know how to be responsible and safe
wireless users."

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.