Who: Federal Trade Commission (the “FTC”)
Where: US
When: 3 September 2015
Law stated as at: 3 November 2015
What happened:
In 2012, the FTC surveyed developers of apps for children. The survey asked: what information was collected through their app; who was the information shared with; and what information do parents receive about the developer’s privacy practices?
The survey produced two reports (Mobile Apps for Kids: Current Privacy Disclosures are Disappointing and Mobile Apps for Kids: Disclosures Still Not Making the Grade) and found that only 20% of the apps reviewed had a privacy policy available for parents to read before downloading the app. This meant that parents had to download (and where relevant, pay for) the app before finding out what information may be collected.
Three years on, the FTC has revisited the subject with the Global Privacy Enforcement Network (a coalition of international privacy enforcement authorities, including the FTC) by reviewing 364 apps for children in the Apple App Store and Google Play. The FTC reviewed the disclosures available about the privacy practices and other interactive features, such as linking to social media. The FTC also downloaded the apps to examine the data collection and sharing practices.
The survey found that 164 (45%) of the 364 apps for children have privacy policies available for review before downloading. Although this is over double the percentage from three years ago, this still means that parents do not have easy access to privacy policies for the majority of apps available for children. 38 of the apps had privacy policies available in other places, such as within the actual app or on the website of the app developer. The FTC concluded that such information is difficult for parents to find and therefore unlikely to be useful to them.
In addition, 48 of the total 364 reviewed apps had, as preferred by the FTC, short form disclosures in their app descriptions about sharing personal information with third parties, the use of persistent identifiers, in-app purchases, social media integration and/or advertising.
The FTC believes the improved findings may be due to the release of the FTC’s Children’s Online Privacy Protection Rule in January 2013. This widened the definition of children’s personal information to include location, photos, videos, audio recordings and cookies.
In addition, both the Apple App Store and Google Play now provide specific spaces on their app promotion pages for privacy disclosures and the Apple App Store’s ‘Kids’ section requires apps in that group to have a direct link to their privacy policy. Furthermore, in 2012, California made an agreement with major mobile platform providers, which requires all apps to have a privacy policy available to consumers before downloading.
Why this matters:
Over the past three years, there has been an increased awareness in both the US and the UK, of personal data, privacy and the need to protect children using apps on smartphones. However the FTC survey indicates that there is still some way to go on the part of US app developers and one suspects that a similar exercise in the UK would not necessarily lead to more encouraging results.
