The problem is that the apps collect a lot of data about the user. If the user is underage, the apps are supposed to obtain parental permission before storing that data. The study was based on an analysis of the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores.
"While we think most companies have the best intentions when it comes to protecting kids’ privacy, we haven’t seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids. In fact, our study shows that kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents," said FTC Chairman Jon Leibowitz.
Children's online privacy is protected by the Child On-Line Privacy Protection Act (COPPA) and it's not exactly new. The law was enacted in 1998.
Under that law, children must have the permission of their parents before disclosing personally identifiable information to any on-line business, marketer or individual. Originally this concern stemmed from child predator cases, and while that concern still exists, it has begun to shift to marketers or businesses that seek such information in order to target advertising, anticipate trends and to create lifelong profiles on the buying and spending habits of people from an early age.
Tracy Mitrano, Cornell’s director of IT Policy and Institute for Computer Policy and Law, says apps, especially the online applications for games entertainment and social networking, have newly brought this concern into greater focus.
“Not only do studies demonstrate that only a small percentage of children under the age of 13 who download these apps obtain the requisite permission from parents, but that the companies sponsoring the apps neither inform the user of the necessity to do so, nor are transparent about the information they collect in the process of both the download and then the activities of the user,” Mitrano said.
Activity and location tracking
In her own research, Mitrano says she has found these activities increasingly include tracking of Internet activity and physical location of the individual.
“Not only under COPPA is this failure to provide notice and obtain permissions a violation of the law, but the concern returns full circle to original intent of the law, which was personal and physical safety,” she said.
Mitrano says the information the FTC has turned up in its study is alarming. She says she hopes it will bring public pressure on Internet companies, such as Google and Facebook, to come to a reasonable agreement to address the issue.
She sees plenty of motivation among apps and social media companies to address the problem. If they don't, she predicts Congress and the White House will address it for them. But parents, she says, also have a role.
“At its core, however, this issue underscores the importance of public understanding about how technology, the market and user behavior shape public expectations of privacy, and how together with the law these factors may be worked in tandem for youth in particular and for the public good overall," Mitrano said.
According to the FTC, the industry has a lot of work to do. The study found, “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data.