News by Andrew Kameka on Wednesday December 19, 2012.
|Sponsored links, if any, appear in green.|
The FTC recently repeated its call for all stakeholders in the mobile app industry to establish best practices for collecting user data in apps and services that target children. Though that declaration was non-binding, the agency has taken the added step of officially banning some of the activities that spurred its calls for industry reform.
The FTC has amended the Children Online Privacy Protection Act of 1998 (COPPA) that forbids the collection of personal data from users under the age of 13 without a parent's permission. The law has been updated to include provisions that make it illegal to knowingly collect geolocation, photographs, and videos from minors under the age of 13 who do not have a parent or guardian's permission. It also closes a loophole that permitted apps that rely on third parties or plug-ins to collect that information, and requires that operators and service providers take "reasonable steps to release children's personal information only to companies that are capable of keeping it secure and confidential."
The rule changes make exceptions for collecting personal information when a persistent identifier (IMEI or mobile device id) is used only for supporting internal purposes like advertising or basic analytics, but it requires consent before attempting to use that information for contacting users or behavioral advertising. In other words, it's permitted to use geolocation to show local advertising, but consent is required to use geolocation and a child's user history to show ads based on the games played or content read within an app. There's no single method to obtain permission, but the FTC approves of obaining "verifiable parental consent" from electronic scans of consent forms, video conferecing, government-issued ID, or payment systems.
Much has changed since COPPA was written in 1998, so the FTC's amendments are designed to bring the law in tune with today's issues and climate. The rule changes reflect that apps are more interactive today than websites were in 1998, and technological advancements have also raised new concerns about privacy. App and plug-in developers who violate these rules by knowingly collecting personal information of a child without parental consent could face damages once these rules go into effect July 1, 2013. App store managers like Apple (The App Store), Google (Google Play), and Microsoft (Windows Phone Store) would be exempt from liability because they are merely distribution portals for child-targeted content.source: FTC
Andrew is based in Miami, Florida.