Kids’ Mobile Apps Under FTC Probe for Privacy Violations

Second agency report finds few have policies in place

Mobile apps for kids are still flunking in terms of privacy. Most don't even have a privacy policy and far too many kids' apps are sharing information about kids with ad networks and other third parties, according to a new report from the Federal Trade Commission.

With the results of the study, the FTC said it's launching an investigation into specific companies for violations of the current children's online privacy laws. The agency declined to provide specifics as to how many or which companies it plans to investigate.

Companies shouldn't be surprised if they end up in the FTC's crosshairs. There's been plenty of warning from the FTC and also the California Attorney General, which recently sent out warning letters to app developers warning that they must post and follow privacy policies.

Today's FTC report is the second the agency conducted this year to examine privacy disclosures and practices for kids' mobile apps. Its timing would seem to provide more ammunition for the agency's proposed updates to the Children's Online Privacy Protection Act, which would expand the act to mobile devices, among other changes. The FTC is expected to vote on the Coppa changes by the end of the year.

Of the hundreds of apps examined by the agency, 80 percent made no privacy disclosures; only 20 percent provided a link to a privacy policy. Nearly 60 percent of the apps shared information with ad networks or other third parties. More than half of the apps, 58 percent, contained advertising targeting kids, but only 15 percent disclosed the presence of advertising prior to the download.

"It's a little shocking that 10 months later, most apps don't have privacy and data policies," said Alan Friel, an attorney with Edwards Wildman Palmer, who heads up the firm's media and technology practice. 

Both FTC reports were "designed to encourage best practices in the kids' app ecosystem," said Jessica Rich, associate director for the FTC's division of financial practices, during a press conference. "We'd like these efforts to have a chance to develop; we hope this lights a fire under the industry."

In a statement, FTC chairman Jon Leibowitz said, "While we think most companies have the best intentions when it comes to protecting kids' privacy, we haven’t seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids. In fact, our study shows that kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents."

Privacy advocates, which issued a report last week showing parents are concerned about digital marketing practices targeting kids, jumped on FTC's report as more reason for the FTC to move quickly to issue the final Coppa updates.

"This report reveals widespread disregard for children’s privacy rules. In the rapidly growing children’s mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geolocation and use of personal contact data. It is clear that there is an urgent need for the FTC to update its Coppa regulations and to engage in ongoing enforcement," said professor Kathryn Montgomery of American University's school of communications.

Time is running out for companies to get their privacy and data policy acts together before the regulators lose patience. "I would expect 2013 will be the year that will see numerous law enforcement actions result in some pretty hefty settlements and 20-year consent decrees," Friel predicted. "I also wouldn't be surprised if the class action bar jumped on this bandwagon. If the mobile industry doesn't self-regulate quickly, it will find itself regulated and that's never a good thing."