Statement of Jeff Chester: The FTC's "Mobile Apps for Kids" report reveals a mobile app industry--which includes Apple, Google, ad networks, advertisers, app developers and trade associations--demonstrating contempt or indifference about protecting privacy. Since what the FTC found was focused on children, it only compounds the problem. The industry was given advance notice by the Commission that it would issue a follow-up to its Feb. 2012 report, and once again review top kids apps and their privacy practices. The industry got a warning last time, with the FTC saying that "little or no information was available to parents about the privacy practices and interactive fetaures of mobile apps..."
If you get a warning from a police officer or a judge, hadn't you take it seriously? Well, from the rigorous report conducted by the FTC, it's clear the industry showed blatant disregard about the problems. The report also demonstrates a profound indifference to the Children's Online Privacy Protection Act (COPPA). You don't create and distribute (hello Apple, Google) kids targeted apps without ensuring privacy is respected, the app is constructed to treat children fairly (versus offering bribes in order for them to give up more of their data), respects their personal security and enables parents to decide. That's what COPPA is about. And if the online marketing industry can't live with a modest childrens' privacy law, what does that say about their committment to better protect everyone else--all those teens and adults who aren't covered by the law. Nor do we buy the claims by Google and Apple that they can't be responsible for developing rules for their App stores to ensure that child-directed apps have to comply with COPPA. It sounds like they are channeling Mark Zuckerberg. The controls Apple has created are a very coarse approach to what needs to be a nunaced approach. Kids require different rules, different business models. Apple and Google are being irresponsible looking the other way.
As the new report explains, "Industry appears to have made little or no progress in improving its disclosures since the first kids'a pp survey was conducted...Staff examined hundreds of apps for children and looked at disclosers and links on each app’s promotion page in the app store, on the app developer’s website, and within the app. According to the report, “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data. Even more troubling, the results showed that many of the apps shared certain information with third parties – such as device ID, geolocation, or phone number – without disclosing that fact to parents. Further, a number of apps contained interactive features – such as advertising, the ability to make in-app purchases, and links to social media – without disclosing these features to parents prior to download.”
The FTC report makes it clear the industry is failing kids, parents and privacy: "Of the 400 apps reviewed, only 20% contained any privacy-related disclosure on the app's promotion page, on the developers website, or within the app...59%...transmitted some information...back to the developer or to a third-party...56% transmitted the device ID to ad networks, analytics companies, or other third parties."
Below is a statement from Prof. Kathryn Montgomery, American University, who helped spearhead the effort to have COPPA passed in the 1990's:
"This report reveals widespread disregard for children’s privacy rules. In the rapidly growing children’s mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geo-location and use of personal contact data. It is clear that there is an urgent need for the FTC to update its COPPA regulations and to engage in ongoing enforcement."
Kathryn Montgomery, Ph.D.