Smartphone Data Collection From Kids Draws FTC Fine
On Monday, the Federal Trade Commission announced that mobile application developer W3 Innovations had agreed to pay a $50,000 fine for its failure to create clear privacy policies for its smartphone applications, as well as for improperly collecting and sharing information on at least 30,000 children under the age of 13.
The FTC complaint--made against W3 Innovations, as well as company owner and president Justin Maples--alleged that they violated the Children's Online Privacy Protection Act of 1998 (COPPA). The law, which the FTC enforces, prohibits the collection of personal information on children under the age of 13 without a parent's prior consent. The law also requires websites to post complete, clear, and understandable privacy policies.
More Security Insights
- The Importance of Managing Privileged Accounts
- Three Principles to Improve Data Security and Compliance
Legal experts said this is the first FTC case to involve smartphone applications. But as more people embrace smartphones, tablets, and other mobile devices to meet their computing needs, don't expect it to be the last.
According to the complaint, W3 Innovations "allowed children to publicly post information, including personal information, on message boards. These interactive apps send and receive information via the Internet, and are online services covered by the COPPA Rule." Furthermore, said the FTC, "the defendants did not provide notice of their information-collection practices and did not obtain verifiable parental consent before collecting and/or disclosing personal information from children," which violated COPPA.
W3 Innovations, which does business under the name Broken Thumbs Apps, bills itself on LinkedIn as "a small, family-owned and operated mobile device app developer based out of Silicon Valley," and according to its website, has four employees. The 40-odd mobile applications it's developed for Apple iOS feature titles such as "Emily's Dress Up and Shop," "Santa's Run," "Beer Toss," and "Zombie Duck Hunt."
Several of the company's applications, including six "Emily"-themed applications--first released in February 2010 and collectively downloaded more than 50,000 times--drew the FTC's attention since they were designed for children. According to the FTC, "the Emily apps encouraged children to email 'Emily' their comments and submit blogs to 'Emily's Blog' via email, such as 'shout-outs' to friends and requests for advice." But, according to the FTC complaint, W3 Innovations "collected and maintained thousands of email addresses from users of the Emily apps," without first obtaining parental consent.
As part of its settlement, W3 Innovations agreed to not violate COPPA, as well as to delete all information it collected in violation of COPPA rules.
This isn't the first time that the FTC has fined a company for COPPA violations. Notably, in 2006, blogging community Xanga paid a $1 million fine for improperly collecting, using, and disclosing information relating to children under the age of 13.
Where smartphone applications are concerned, there's room for improvement. "In the app world, which often implicates cloud computing, there is a serious question of how app developers will handle privacy," according to a recent post to the Hogan Lovells Chronicle of Data Protection blog.
See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.