If you hear someone mention “Angry Birds,” do you think — friend who just got a new iPhone 4s, the friend’s tech-saavy 10 year old daughter who sneaks off with the new iPhone 4s or the neighbor’s cat?
The answer to that question for the exploding world of mobile apps is becoming increasingly important. Last fall the FTC brought its first enforcement action against a mobile app for violating COPPA (Children’s Online Privacy Protection Act.) Broken Thumbs Apps had several apps listed under the “Games-Kids” category in an app store and was accused of collecting personal information from children under the age of 13 without parental notification and consent. COPPA has been an active enforcement area for the agency and just in case there was any doubt that the FTC was serious about applying COPPA to mobile apps, the staff released a report late last week largely critical of the data collection practices of app stores and developers when it comes to children.
The report’s key recommendations included: (1) that app stores, developers and third party service providers should be actively involved in providing info to parents about data collection practices to children; (2) such information should be provided in simple and short disclosures and should include whether the app connects to social media or contains ads; and (3) app stores should do more to facilitate app developers sharing information about data collection and sharing practices.
Perhaps more significantly, the Report also noted that during the next six months the staff would be conducting a review of mobile apps for possible COPPA violations. Given the FTC’s increasing focus on this area, parties associated with app development and marketing would be wise, if they haven’t done so already, to review whether their app is “primarily directed” to children and whether their app collects personal information, including doing so “knowingly” from children under the age of 13 even if the app is directed primarily to adults. Any review of information collection efforts would also do well to consider those efforts in light of the FTC’s recent proposed broadening of the definition of “personal information” under COPPA. If in doubt, the active safe harbor program for COPPA should offer some shelter for those who wish to avoid an “Angry FTC.”