Companies with mobile applications focusing on kids could find themselves under Federal Trade Commission scrutiny for failing to follow the Children’s Online Privacy Protection Act. In a recent report from the FTC, many mobile apps for kids collect their personal data and share it without parents’ knowledge or consent.
In response to these findings, the FTC has revised the COPPA rule to include new definitions of terms; what online services need to tell parents; new ways to get parental consent; stronger provisions for confidentiality and security of kids’ personal information; and more oversight of safe harbor programs.
One change is the definition of “personal information” expanding to include information regarding location, photographs and videos. Another revision is the definition of an “operator” as those entities that design and control the child-directed content, such as app developers and site owners, and those who allow outside services to collect information through plug-ins or advertising networks.
If your business has a website or an app targeting kids under 13 or a general audience that includes those under 13, make sure you are compliant with COPPA. Here are some suggestions:
• Make privacy protections integral to design.
• Obtain parental consent before collecting kids’ personal information.
• Give parents choices about the collection and sharing of their child’s personal information.
• Give parents the ability to opt out of the collection or use of their kid’s personal information at any time.
• Give parents access to the collected information and the ability to delete it.
• Safeguard the privacy of children’s collected information: Keep it secure and confidential.
• Retain kids’ personal information only for the amount of time reasonably necessary.
• When disposing of personal information, take reasonable measures to protect against unauthorized access.
Erin T. Dodge, BBB editor