US FTC tightens privacy rules for kids’ apps

Caitlin McGarry
20 December, 2012
View more articles fromthe author

The US Federal Trade Commission will tighten its regulation of mobile apps for kids next year after a recent survey revealed that privacy leaks were common.

The new rules, which go into effect in July, require websites and apps geared toward children to obtain parental consent before tracking kids’ behaviour or collecting photos, videos, or other identifying information.

But app platforms such as Apple’s App Store and Google Play are exempt from the new regulations, so app developers alone are responsible for complying with the law. And the rules don’t apply to commonly used third-party plug-ins, including the Facebook “Like” and Twitter “Tweet” buttons, if those providers can prove they didn’t know the plug-ins were being used on kids’ sites or apps.

The US federal government has long tried to protect children’s online privacy, beginning in 1998 with the Children’s Online Privacy Protection Act (COPPA). The law applies only to websites. The FTC, which enforces COPPA, two years ago began soliciting feedback on updating the law for an age of social networks and mobile apps.

“The Internet of 2012 is vastly different than the Internet of 14 years ago,” FTC Chairman Jon Leibowitz said during a press conference announcing the new rules. “Some companies, especially some ad networks, have an insatiable desire to collect information from kids.”

By the numbers

The FTC analysed 400 kids’ apps in Apple’s App Store and Google Play, the app store for Android, and found that 60 percent of the apps sent the device ID to advertising networks or analytics companies; 3.5 percent of the apps sent the phone’s geolocation and phone number with the device ID.

Many apps also contained ads and links to social networks within the app without letting users know before downloading.

“We are especially gratified that this decision puts to rest the longstanding and disingenuous claims by the digital marketing industry that cookies and other persistent identifiers are not personally identifiable information,” said Jeffrey Chester, Executive Director for the Center for Digital Democracy, said in an email. “The revised rules also address the increasingly pervasive use of geolocation, behavioural targeting, and social media data collection.”

Chester’s group filed COPPA complaints against mobile game makers Mobbles, PlayFirst, and TV network Nickelodeon with the FTC after its analysis of kids’ apps was released last week.

Grant Gross of the IDG News Service contributed to this report.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us