App developers – Disregard COPPA at Your Own Risk
Assuring compliance with privacy standards used to be a lot easier. Now with new guidelines for “contextual” notice, mobile app developers must develop new features and procedures unique to the mobile marketplace.
Let’s start with a simple example. First, follow the law. In our example, this involves COPPA, the Children’s Online Privacy Protection Act. Frankly, too many mobile app developers give only cursory thought to COPPA. That is an unnecessary and costly risk.
This month (Feb. 2013), the developers of the mobile app Path agreed to settle charges brought by the FTC (Federal Trade Commission) that they violated COPPA standards by failing to obtain parental authorization before collecting personal information from children under the age of 13. Path allowed children under 13, based on date of birth inputs, to register an account, build a profile, submit personal information and share personal details. Moreover, Path gained access, without notice or permission, to the smartphone’s address book and collected any available information. And the result?
- Path has to develop a comprehensive privacy procedure;
- Path has to obtain an independent privacy assessment every other year for the next 20 years; and
- Path has to pay $800,000 to settle charges for violating COPPA.
A bit of forethought would have prevented this problem.
- Next, Path would have had to either prevent children under 13 from ever registering an account or require parental notice and approval before doing so.
Contextualizing privacy terms is a new approach to mobile compliance. Its structure is still developing and it doesn’t have an equivalent in the online/desktop world. Nonetheless, privacy legal experts will need to develop new approaches to what has been considered “old hat”. How do I assure that users receive, acknowledge and understand my clients’ privacy practices when delivered on a mobile platform? A challenge? Yes, but not without solutions.