The FTC cracks down on data collection from kids in mobile apps

Posted on September 26, 2011 by Jim Brock

Mobile app developers should be aware of two significant developments from the Federal Trade Commission about data collection from children:

Parental consent may be required to collect data from children in your mobile app or site.

The “COPPA” laws and regulations require online services to get permission from parents before collecting personal data from children. The FTC recently brought an action against a mobile app developer for an alleged violation of these rules.

The COPPA rules apply to a service:

  1. If it is “directed” at children under age 13, or
  2. If the service actually knows the users age to be under 13.

Under COPPA, personal data may include any of the following:

  • a first and last name;
  • a home or other physical address including street name and name of a city or town;
  • an e-mail address;
  • a telephone number;
  • a Social Security number; or
  • any other information that would allow someone to identify or contact the child.

The rules governing parental consent are complex, and worthy of discussion with your legal counsel. Be sure to look at these factors (as well as FTC guidance):

  • Does the nature of your mobile site or app indicate a focus on young users (considering factors such as subject matter, age of models shown, language, the kind of ads shown, use of animated characters)?
  • Is your app listed in app-store categories that indicate a focus on young users?
  • Does your app collect the age of users, giving you actual knowledge of their age?
  • Do you engage in any analytics or reporting that you use may use internally, which indicates actual knowledge of the age of users?

If you collect personal data from users, but your app is not directed at children, it’s still good form to state this in your privacy policy, and encourage users to contact you to remove any information that may have been inadvertently collected from a child. PrivacyChoice Policymaker provides template disclosure for this topic under the “Data” category.

Proposed new rules would also limit passive data collection about children.

In a proposed extension to these rules, the FTC has proposed also to require parental permission when mobile sites or apps track children across different services, using cookies or other identifiers, even if this is done anonymously. In other words, the COPPA rules could apply even if you are not asking children for information like their name or email address. The proposed COPPA rules revision also includes important changes to the methods to obtain parental permission.

Note: The FTC’s proposal would still only apply to services directed at children, or where there is actual knowledge that the user is under 13 years old. If either of those apply to your app, you should consult with legal counsel about the effect of the proposed revisions.

This entry was posted in Folks, mobile, Privacy Policies, Pros and tagged . Bookmark the permalink.

2 Responses to The FTC cracks down on data collection from kids in mobile apps

  1. Pingback: Developer alert: Flurry analytics adopts new child privacy rule | PrivacyChoice Blog

  2. Pingback: FTC & Data collection (Analytics) from kids in mobile apps | Pixel Envision

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>