The Mobile App Playground: Looking Out for Kids’ Data Privacy

Jun 11, 2020, 09:01 AM by BBB National Programs

The FTC has just announced that they have reached a settlement with children’s app developer, HyperBeard, for unlawfully collecting data from children, users under 13, and using it to target them for behavioral advertising, otherwise known as interest-based advertising. As a result of this settlement, HyperBeard is prohibited from using or benefitting from the personal data they have collected and must delete that data. On top of that? A settlement of $150,000. 

So how did this all start? Back in early 2019, the Digital Advertising Accountability Program (DAAP) and Children’s Advertising Review Unit (CARU) jointly opened an inquiry into HyperBeard based on concerns that  one of their child-directed online apps could be collecting personally identifiable information (PII) from children under 13  without verifiable parental consent.  

CARU and DAAP conducted a thorough investigation of the app’s privacy practices, both overtly and “under-the-hood," to get a sense of exactly what technology the app was employing for data collection. When CARU and DAAP contacted HyperBeard about these concerns, the company did not respond to the inquiry letter, resulting in a referral to the FTC on March 5, 2019.  

Under COPPA, the Children’s Online Privacy Protection Act, if HyperBeard wanted to collect user data from children under age 13 from its app for advertising purposes, they would have needed to obtain verifiable parental consent first. Targeting children for behavioral advertising is an especially egregious COPPA violation because that data can not only reveal a child’s entertainment preferences, but their habits and even their daily routine.  

Because of the sensitive nature of behavioral advertising to children under 13 and concern for children’s overall safety while using mobile apps and games, the FTC and CARU want to empower parents to learn more about the online experiences their children are having. To that end, the FTC developed mobile app safety tips for parents, which include recommending that parents talk to their children about what personal information is and the importance of keeping that information private. The FTC and CARU encourage parents to try out children’s apps first to see how they operate. Parents can, and should, look at screenshots from the app, app reviews, and the app developer’s website and privacy policy to get a good sense of how safe the app would be for their child to use and note whether the app publisher participates in a COPPA safe harbor program. 

FTC_kids-apps-infographic

Parents also often don’t realize when there are settings they can enable to manage their child’s mobile device activity, including Apple’s screen time feature and Google’s Family Link. (To learn more, visit Keeping it Under Control, Parental Control.) Another setting parents can enable on a device a child is using to access mobile apps is Limit Ad Tracking (on iOS) or Opt-Out of Ads Personalization (on Android). This is important for apps that children encounter that may not be specifically intended for children, and therefore may not be treating the data they are collecting as children’s data. This feature disables the device’s advertising ID, which is a type of persistent identifier defined by COPPA as personal information, that allows advertisers to target and serve that device with behavioral advertising.  

The mission at BBB National Programs is to help companies adopt best practices to enhance consumer trust. We are experts in data privacy and truth-in-advertising and want to support companies who want to do good by their consumers. We find that companies respect and participate in the self-regulatory process because they understand that the U.S. economy is built on a fair and transparent marketplace. Our monitoring and enforcement actions within the mobile app environment, and our collaboration with government regulatory agencies like the FTC, are a key part of maintaining a level playing field for all businesses, upholding established best practices for data privacy, and ensuring a trustworthy environment for consumers, especially children.

 

 

Suggested Articles

Blog

The 2000s Introduced the Internet and Influencers to Ad Law

The 2000s was a decade of change as online advertising exploded and, as a harbinger of things to come, the online environment became fertile ground for innovative ways to both communicate with consumers or, for the unscrupulous, take advantage of unwary consumers. The low barriers to entry allowed disrupters to enter the digital space and forced traditional marketers to compete in this space or be left behind.
Read more
Blog

For Developers: Get to Know the CARU Advertising Guidelines

The CARU Advertising Guidelines are widely recognized industry standards that help ensure advertising directed to children is fair and appropriate for its intended audience across any form of child-directed media. The CARU team outlines some key revisions to the Guidelines to which mobile developers should pay heed.
Read more
Blog

Getting Certified: Cisco Demonstrates Dedication to Customer Success through APEC Privacy Compliance

Cisco is an example of how a global company must navigate a variety of legal privacy regimes, while also being dedicated to leading the way on data privacy to maintain and further enhance a trusted relationship with its customers. To thread this needle, Cisco has chosen to rely on a third-party privacy certification offered by our team at BBB National Programs.
Read more
Blog

Lemon Law 101: Understanding the Law and Your Rights

If your vehicle is under warranty, lemon laws require your vehicle manufacturer to repair your vehicle. The federal lemon law, known as the Magnusson-Moss Warranty Act (“Mag-Moss”), and state lemon laws are in place to protect consumers from getting stuck with “lemons.” It is important to understand the difference between state and federal lemon laws as well as how you and your vehicle are covered under each.
Read more