In my recent blog titled, “Privacy, Children and Mobile Apps,” I noted the Federal Trade Commission’s (FTC) heightened concern following the release of its “Second Kids’ App Report” for the need to consider how best to protect the privacy of children who are using mobile apps. http://allrightsreservedblog.com/2012/12/17/privacy-children-and-mobile-apps/
It appears from the FTC’s December 19, 2012, adoption of amendments to the Children’s Online Privacy Protection Rule, (the FTC Rule) (16 CFR Part 312), http://www.ftc.gov/os/2012/12/121219copparulefrn.pdf , which goes into effect on July 1, 2013, that it is serious about its mandate in this privacy arena.
The FTC has been concerned about the rapidly “evolving technology and changes in the ways that children use and access the internet.” http://www.ftc.gov/opa/2012/12/coppa.shtm The Children’s Online Privacy Protection Act of 1998 (COPPA), assigns to the FTC the role of studying the changing environment and charges it to come up with solutions to balance the competing interests of innovation and the privacy of children.
The new FTC Rule attempts this balance act in the following ways:
- It expands the list of “personal information” that cannot be collected without parental notice and consent. The categories of information now include geo-location, photographs and videos.
- App developers and website operators now will have a streamlined, voluntary approval process for obtaining parental consent. The “to-the-point” privacy policies will be easier to read on smaller screens.
- There are new approved ways for businesses to obtain parental consent (e.g., electronic scans of signed consent forms, video-conferencing, and use of government-issued IDs).
- Covered website operators must adopt reasonable procedures for data retention and deletion.
- The FTC will have more oversight authority regarding self-regulatory safe harbor programs, because now the programs will be required to audit their membership annually and report the combined results to the FTC.
While COPPA and the FTC Rule focus on the protection of the privacy of children under 13, all website operators and mobile app developers, whether or not they market to children, should be attentive to these and likely future regulatory developments. Privacy issues are continuously being examined by many governmental players. To name a few:
- The California’s Online Privacy Protection Act, requires all mobile apps that collect personal data to have a privacy policy.
- The House and Senate considered bills in 2012 to regulate mobile app data collection. http://www.gpo.gov/fdsys/pkg/BILLS-112hr6377ih/pdf/BILLS-112hr6377ih.pdf , http://adage.com/article/digital/mobile-privacy-bill-edges-closer-senate-vote/238768/ , http://www.franken.senate.gov/files/documents/121011_LocationPrivacyProtection.pdf Especially in the wake of the Newtown, Connecticut, tragedy, it is likely that new bills will be introduced in the 2013 Session of Congress.
- The Commerce Department’s National Telecommunications and Information Administration is seeking a standard for mobile app privacy notification.
It would be a mistake to think that this maelstrom of governmental attention to privacy concerns will go away anytime soon or that you can merely “cut” and “paste” a solution. It is important for all website operators who collect personal data and all mobile app developers to educate yourselves about this new reality; and to examine what you are doing now to see what steps you should take to avoid falling off of the “privacy cliff.”