With more children getting online, the Federal Trade Commission (FTC) is not the only stakeholder concerned about reevaluating regulations related to children’s online privacy. Certain members of Congress are also seeking to review the current landscape of compliance with the Children’s Online Privacy Protection Act (COPPA). Note that the FTC received public comments regarding possible changes in implementation of the enforcement of COPPA in December 2019, and will be responding soon.
Sen. Edward Markey (D-Mass.) and Rep. Kathy Castor (D-Fla.) sent a letter to the FTC on April 21 asking the government agency to investigate around 150 mobile applications accessible through mobile app stores. Their concerns are related to how app store platforms address apps directed to children, including providing apps with a way to market the application through platform-approved family-friendly designation. The letter alleges that the apps are marketed as COPPA-compliant even though an investigation found the apps to be tracking user behavior and disclosing children’s personal information (including for advertising purposes), both without verifiable parental consent. Sen. Markey and Rep. Castor are also concerned that the app stores may have violated Section 5 of the FTC Act, which prohibits unfair and deceptive business practices.
Mobile app store platforms may require app developers to follow strict guidelines to ensure their apps are safe and appropriate for children. COPPA requires an online service operator to obtain verifiable parental consent before collecting personal information from a child under the age of 13. COPPA does not mandate a specific way for operators to obtain consent, which opens the possibility for app developers to seek ways to comply with COPPA through tools or programs provided by third parties, including mobile app store platforms. While it is very important to consider requirements set by app stores, mobile app developers must continue to use a critical eye when assessing how to comply with COPPA and must not run afoul of Section 5 of the FTC Act. In the meantime, app store platforms should consider to what degree they should provide programs and guidelines to app developers while also considering the app store platforms’ unique position of being the distributors of apps that may be directed to children.
There have been considerable number of enforcement actions against app developers under COPPA. In a recent settlement, app developer HyperBeard agreed to pay a $150,000 fine and was ordered to delete all personal information it had collected from children under the age of 13 across its multitude of mobile applications. The FTC alleged that HyperBeard violated COPPA by allowing third-party ad networks to collect personal information in the form of persistent identifiers to track users of the company’s child-directed apps, without notifying parents or obtaining verifiable parental consent. The ad networks used the identifiers to target ads to children using HyperBeard’s apps.
This is not the first time Sen. Markey has called on the FTC to investigate child-directed mobile applications over fears they were not complying with COPPA. However, of note, Sen. Markey’s letter may be received with new reflection given the new administration.