The Federal Trade Commission (“FTC”) recently issued a staff report, Mobile Apps for Kids: Current Privacy Disclosures are DisAPPointing, discussing the results of a survey of mobile device applications (“Apps”) for children (the “Staff Report”). According to the FTC, in the majority of cases, the survey reveals that neither the stores through which Apps are made available nor the developers of the apps provide the information parents need to determine what data is being collected from their children, how it is being shared or who will have access to it.
The Staff Report shows how the number of available Apps has increased tremendously over the years. While there were approximately 600 Apps available in 2008, today there are over 500,000 Apps in the Apple App Store and more than 380,000 Android Apps. The Staff Report also contends that numerous children and teens are active App users. In addition to general audience Apps that are of interest to children and teens, there are many Apps that are intended specifically for children, including Apps that provide children with access to memory games, puzzles, flash cards and books, among other features.
In conducting the survey, the FTC randomly selected 200 of each of the top ranked 480 Apple and Android Apps. The FTC examined the types of Apps being made available to children, the disclosures that are made to App users, the extent to which Apps offer interactive features such as connectivity with social media, and the ratings and parental controls offered for such Apps. The FTC concluded that Apps are capable of automatically collecting a very broad range of user information, including the user's precise geo-location, phone number, list of contacts, call logs, unique identifiers and other information stored on the device. While Apps can automatically collect this information, the FTC claims that there is a paucity of information about App data collection and use practices.
As a result of the survey, the FTC made the following recommendations in the Staff Report:
In the Staff Report, the FTC recognizes the challenges that App developers face in conveying all necessary disclosures in the limited screen space available on smartphones and related devices and asserts that further steps should be taken to identify the best way to communicate privacy policies in plain language and in easily accessible ways on the small screens of mobile devices. The FTC is planning on hosting a public workshop later this year to explore how companies can provide effective online disclosures. It is anticipated that one of the topics to be explored at this workshop will be how to effectively deliver privacy disclosures on mobile devices.
Companies that are involved in any way with mobile Apps, whether through development, distribution and/or marketing of such Apps, should pay close attention to the Staff Report. The FTC has been clear that it considers the Staff Report to constitute a “warning call” to the industry to provide more information about the privacy implications of Apps directed toward children. Specifically, stores, developers and third parties providing Apps should focus on the recommendations outlined in the Staff Report.
More generally, developers and providers of general audience Apps should also analyze their data collection and use practices, as well as the privacy policies and disclosures for their Apps. The Staff Report comes at a time of increased focus on Apps across the board. Last month, California State Attorney General Kamala Harris (D) announced an agreement with six mobile App platform providers aimed at encouraging App developers to provide more accessible privacy policies. More recently, the Electronic Frontier Foundation proposed a Mobile Use Privacy Bill of Rights. Lastly, Senator Charles Schumer (D-NY) has asked the FTC to investigate Apple and Google for allowing Apps to access photographs and address books of mobile users.
All of these developments suggest that there will be a continued focus on Apps and privacy in the near future.
For more information about the contents of this alert, please contact:
Privacy & Data Security
© 2015 Goodwin Procter LLP. All rights reserved. This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided with the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin Procter LLP, Goodwin Procter (UK) LLP or their attorneys. Prior results do not guarantee similar outcome.
Goodwin Procter LLP is a limited liability partnership which operates in the United States and has a principal law office located at 53 State Street, Boston, MA 02109. Goodwin Procter (UK) LLP is a separate limited liability partnership registered in England and Wales with registered number OC362294. Its registered office is at Tower 42, 25 Old Broad Street, London EC2N 1HQ. A list of the names of the members of Goodwin Procter (UK) LLP is available for inspection at the registered office. Goodwin Procter (UK) LLP is authorized and regulated by the Solicitors Regulation Authority.