Mobile Apps Could Be Affected by New COPPA Privacy Rules for Kids

The Federal Trade Commission is considering new changes to the current Children’s Online Privacy Protection Act (COPPA)that would include more than just websites within its protective sphere: third parties such as mobile application developers and ad networks that gather information from children under 13 would also be responsible for obtaining parental permission before kids could use their services.

These changes, should they go into effect, would place a broader range of responsibilities on application developers, a change that at least one industry observer fears could drastically reduce the amount of educational and gaming software available for children.

The proposed changes, which were made public August 6, are the second round of changes proposed for COPPA after the initial round of public commentary that was made in September 2011. The FTC was deluged with so many comments during that first round, the commission opted to make more tweaks to the rules, thus prompting another round of public comments.

Of particular note are the changes to the rules regarding the definition of a “website or online service directed to children,” which would expand to include apps directed at children.

Will App Makers Still Cater to Kids?

Morgan Reed, Executive Director of the Association for Competitive Technology (ACT), worries that this would be such a burden on app developers that they might change their willingness to produce apps for children.

“Companies worried about liability might stop developing apps for kids,” Reed told ReadWriteWeb. There’s a lot of junk apps that won’t be missed, Reed added, but there would also be good educational and gaming apps dropped from the picture, too.

Reed sees a lot of good in what the FTC is trying to accomplish, but the agency is working at a disadvantage. “We’re moving quite a bit faster than the FTC,” he explained.

Indeed, much of the Commission’s wording in this new round of rule changes seems to highlight the FTC’s knowledge of its limitations. As [noted by ReadWriteWeb’s Antone Gonsalves (Kids' Online Privacy: FTC’s New Rules Won’t End the Battle) in early August, one of the other rules changes addresses who has to obtain parental permission when gathering children’s' information. When COPPA was first enacted in the late ‘90s, the entity doing the actual information gathering had to get parental consent.

“At that time, the Commission did not foresee how easy and commonplace it would become for child-directed sites and services to integrate social networking and other personal information collection features into the content offered to their users, without maintaining ownership, control, or access to the personal data. Given these changes in technology, the Commission now believes that an operator of a child-directed site or service that chooses to integrate into its site or service other services that collect personal information from its visitors should be considered a covered operator under the Rule,” the proposal document stated.

You Can’t Just Blame Facebook Anymore

The rule change reflects the way many child-oriented sites now bypass COPPA regs by relying on users' Twitter and Facebook IDs, foisting the parental permission onus on the social networks. No more, if the new rules take effect: the website still be on the hook for getting the parent’s okay.

The expansion of COPPA’s enforcement is not the only change that could affect mobile app developers. The FTC is also proposing that persistent data, such as IP addresses and location, once defined as information that would be used only for the better functioning of the website, now be redefined as personal information. Such a change would mean parental permission would be needed to collect this information, too.

Consumer groups love the idea, but “by contrast, the overwhelming majority of the comments filed by website operators, industry associations, privacy experts, and telecommunications companies opposed the Commission’s expansion of the definition of personal information to reach persistent identifiers, even with the limitation to activities other than or in addition to support for internal operations.”

Little wonder, since now-ubiquitous functions like geolocation would have to get parental permission - which could make a lot of app developers nervous about liability.

Reed says there’s still a lot of room for changes in this next round of public comments, and many organizations, including his, are trying to work with the FTC to balance innovation and commercial success with the need to protect children online.


Lead image courtesy of Shutterstock.