Mobile app developers beware. The FTC is showing that it will not hesitate to go after application developers for leaking personal data or collecting information without proper consent.
The Federal Trade
Commission's fining of a mobile-application developer for collecting children's
personal information without parental consent sends a strong message to other
developers that the agency would closely monitor the mobile software market to
The mobile application from
Broken Thumbs Apps violated COPPA (the Children's Online Privacy Protection Act)
because personal information of children under 13 was collected without
parental consent, the FTC said Aug. 15.
The 20-year settlement with
parent company W3 Innovations and its president, Justin Maples, specifies that
W3 must delete all personal information that had been collected through its
"Emily Apps" software line, pay a $50,000 fine and be subject to FTC monitoring
to ensure it is no longer violating consumer privacy. If W3 slips up, the
company could incur additional penalties of up to $16,000 for each violation,
according to the FTC.
Broken Thumbs Apps develops
and sells a line of "Emily Apps," which let kids design outfits and
create virtual models and are available through the "Games-Kids"
section of Apple's App Store. Children are encouraged to send emails to
"Emily" on practically any topic, and those messages were publicly
posted on "Emily's blog" and easily accessed from all Emily Apps
Websites. Children could submit responses to the blog posts that required them
to enter their names and email addresses.
Under COPPA, a privacy
policy has to be prominently posted on Websites, stating what
information is collected and how it is used, as well as the steps parents can take
to refuse, review or remove the information. Parental consent also needs to be
obtained before data is collected, used or publicized. Passed in 1998, COPPA
applies to anyone who operates an online service or Website directed to
children, as well as operators of general sites and services that are aware
they are collecting information from children.
The case was notable because
it was the first time the FTC indicated it will take action in the mobile
space, Andrew B. Serwin, founding chair of the privacy, security and
information management practice at Foley & Lardner, told eWEEK.
Going after mobile application
developers is not a "jurisdiction change" for the FTC because the applications
transmit information over the Internet, according to Serwin.
Organizations with mobile
applications now need to ensure their applications comply with laws regarding
privacy and disclosure requirements to avoid being investigated by the FTC,
Serwin said. For applications targeting children, developers will have to
figure out a way to get what COPPA would recognize as parental consent, which
can be a challenge because mobile devices are involved, Serwin said.
The settlement itself was
not a surprise to anyone who had been following the case, Serwin said. "The fine
itself wasn't all that high and was relatively reasonable," Serwin said.
The terms of the settlement
were more interesting because they reinforce what the FTC is willing to do to
regulate mobile applications, but they have no requirement for consumer
education, Serwin said.
In the past, when Websites
or online services violated COPPA, they were required to link to, or display,
certain language when personally identifiable information was being collected, as
part of a consumer education remedy. That kind of language would be difficult
to display on a mobile device. The lack of a remedy requirement may indicate that
the FTC understands disclosures need to be handled differently with mobile
applications, Serwin said.
This case is not the only
case involving mobile devices and data on the FTC's radar. Jessica Rich, deputy
director of the FTC's Bureau of Consumer Protection, testified earlier this year
to Congress that the agency had several active investigations into privacy
issues associated with mobile devices.
The "Do Not Track Kids
Act" currently introduced in the House of Representatives by Rep. Ed
Markey (D-Mass.) and Rep. Joseph Barton (R-Texas) is an attempt to "bring
COPPA up to date and add additional safeguards for teens," Markey