Posts tagged with "Children’s Online Privacy Protection Act"

Developments in Privacy Arena for: Mobile Apps & Online Data Breach Notification
Leave a Comment

ATTENTION– mobile app developers and advertisers in the mobile Web environment.  Despite the talk of political gridlock, a combination of federal agencies, private groups and Congress have moved forward in 2013 with ways to solve some of the important dilemmas associated with the protection of personal information.  Here is the scoop as to some of what has been happening and links to important documents which can inform you about the regulatory developments in the mobile Web environment.

·       The Digital Advertising Alliance, a consortium of the some big players in advertising, released guidance this summer explaining the application of their Self-Regulatory Principals, in the mobile app and mobile Web environment.  Their seven Self-Regulatory Principals are at:  http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf.   The Guidance is at:  http://www.aboutads.info/DAA_Mobile_Guidance.pdf.

·       The Federal Trade Commission (“FTC”) developed additional guidance in the form of answers to some FAQ related to compliance with their recently issued Children’s Online Privacy Protection Rule (“COPPA Rule”), effective as of July 1, 2013.

·       Go to http://www.coppa.org/coppa.htm to see the Children’s Online Privacy Protection Act (the “Act”).  The FTC’s Rule, which implements the Act, may be found at:  http://www.ftc.gov/os/fedreg/2013/01/130117coppa.pdf.  You can find the FTC’s Guidance for complying with the Act and answers its FAQ at: http://www.coppa.org/comply.htm and http://www.business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions.

·       The U.S. House of Representatives has not been asleep at the switch.  The House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade, has set up a bipartisan working group to examine online privacy issues and the need to protect personal information while not hindering innovation.  The Subcommittee has also held hearings into the reporting requirements of consumer data breaches.  Currently, the reporting of such Internet breaches of consumer data is covered by a patchwork of state laws. (For a list of the state laws regulating notification requirements for security breaches involving personal information, see http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx ).   Needless to say, the industry would prefer implementation of a uniform technology neutral standard that could be established by federal law.

              In future blogs, I will examine a number of these developments in the protection of personal data and mobile devices in more detail.

PRIVACY, CHILDREN AND MOBILE APPS
Leave a Comment

On December 10, 2012, the Federal Trade Commission (FTC) released its “Second Kids’ App Report” about privacy protections in apps designed for children.  The FTC’s findings were not pretty.   http://www.ftc.gov/opa/2012/12/kidsapp.shtm  

The report found that many of the apps sold and marketed to children transmitted data about phone numbers, precise location and the unique serial code of the mobile device to advertisers and other third parties.  All of this was without the users’ knowledge or consent.  The FTC reviewed 400 of the most popular children’s apps appearing on Google and Apple platforms.  Of those, only one-fifth disclosed data collection practices. 

As a result of this, the FTC announced its intention to examine the practices of some of the app developers to see whether they violated the Children’s Online Privacy Protection Act of 1998 (COPPA), 15 USC Section 6501-6506   http://www.coppa.org/.  COPPA requires website operators to obtain the permission of parents of children younger than 13 before collecting or sharing certain information about the child users.

National laws and regulations like COPPA and state laws all have their own standards for the collection of personal data.  Additionally, there are the possible effects of future laws and regulations.  This is a difficult landscape for the small firm app developer to navigate because of the large number of moving parts.

If you are an app developer, regardless of whether your programs are geared to children, you need to understand these issues and take pro-active steps as these developments along with current and future regulations will affect your livelihood.

One big player among the states is California.  Its Online Privacy Protection Act (CALOPPA) Cal. Bus & Prof. Code Sections 22575-22579, requires all mobile apps that collect personal data to have a privacy policy.  California is fully prepared to play hardball with developers.  Recently, it sued Delta Airline for failing to comply with CALOPPA.  http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-files-suit-against-delta-airlines-failure

The current environment of consumer concern and industry pressure to move forward has a parallel in the recent past when we all endured a glut of SPAM in our e-mail in-boxes.  Various states enacted legislation to regulate the out of control spam, resulting in a patchwork of state laws and regulations.  In 2003, the federal government enacted the CAN-SPAM Act, 15 USC 7701 et seq.  http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003.  Although the Act was not as strict as some wanted, the CAN-SPAM Act did provide order to the cacophony of regulatory schemes as the federal law preempted the state laws.  Needless to say, we are far from getting even that level of consistency.

There is an obvious need for one, nation-wide standard to protect children’s online privacy given the reach of the internet and the broad range of competing interests. But as of now, we are far from a uniform national standard.  And who knows whether Congress will develop a workable fix before the next big online communication method replaces mobile apps? 

However, there is hope. Some groups are trying to be proactive.  For example, the Application Developers Alliance (ADA), http://appdevelopersalliance.org/, and the American Civil Liberties Union (ACLU) have introduced draft app transparency screens.  These prototypes would give consumers a chance to compare the data collection practices of a mobile app, to show the kinds of data collected and the groups with whom it is shared before opening the program.  See http://www.nytimes.com/2012/12/09/technology/effort-to-clarify-mobile-app-data-rights-hits-snags.html    It is not certain that such would meet CALOPPA’s requirement, but it certainly would be a start.

App developers, especially smaller ones, should consider these proactive “fixes” and join a group like the ADA to be kept up-to-date about the many twists and turns in this ongoing story.