Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

FTC fines children’s app maker $50K for privacy violation

In its first settlement related to deceptive mobile applications, the Federal Trade Commission has ordered an app maker to pay $50,000 to settle claims that its program illegally collected and disclosed the personal data of tens of thousands of children.

According to the FTC, a number of children's game-playing apps produced by Cupertino, Calif.-based W3 Innovations violated a federal law that requires website operators to state their information-collection policies and obtain parental approval prior to accumulating and disclosing personal data about children ages 12 and under.

Specifically, W3, which does business as Broken Thumbs Apps, violated The Children's Online Privacy Protection Act (COPPA) by collecting and maintaining the email addresses of children, and permitting them to publicly post personal information on message boards from their apps.

The apps in question – Emily's Girl World, Emily's Dress Up, Emily's Dress Up & Shop and Emily's Runway High Fashion – appeared in the children's section of the Apple App Store and were installed roughly 50,000 times, according to the FTC.

Broken Thumbs Apps said in a statement emailed to SCMagazineUS.com that it collected the email addresses to improve the experience of its customers who wanted to interact with each other.

"As soon as the FTC informed us of its specific concerns –  and long before entry of [Monday's] order – we took corrective action," the statement said. "Any violations were inadvertent.  But because our apps may appeal to young people, we have implemented a strict email policy that removes any possibility of collecting and retaining email addresses, even unintentionally, from users under the age of 13."

Under the settlement, announced Monday, the app maker must pay the fine and is barred from any future violations of COPPA.

Amber Yoo, a spokeswoman for the nonprofit Privacy Rights Clearinghouse, said the settlement should "send a message" to app developers, most of which are small shops, that they must pay attention to privacy.

However, she admitted, the United States lacks a baseline federal law that addresses privacy on the internet and on mobile devices. In the meantime, consumers should be skeptical of what they install and ensure the app has a strong privacy policy.

"Smartphone usage is becoming more widespread," Yoo told SCMagazineUS.com on Tuesday. "Therefore app developers are seeing this as a lucrative market, and there is little protecting consumers."

Andy Serwin, a partner at Foley & Lardner and chair of the law firm's privacy practice, said noticeably missing from the FTC consent order, versus what has appeared in other COPPA decrees with website operators, is a requirement that the company include links to consumer education resources.

"They're [the FTC] aware there are some limits in how you can do disclaimers [in the mobile space]," he told SCMagazineUS.com. "This shows they will be realistic in what you can and can't do versus what you do with the web."

Serwin added that while the action against Broken Thumbs Apps shows the FTC is paying attention to mobile applications, the ruling does not have "a lot of application beyond kid-directed games" because there were no allegations of deceptive disclosures.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds