Kids’ brands flout mobile privacy months after COPPA update
By Chantal Tode
December 20, 2013
The Hello Kitty Carnival app
The Hello Kitty Carnival mobile application and the Marvelkids.com Web site are being called out for not getting parents approval before collecting childrens private information in the first big complaint with the Federal Trade Commission since new privacy protection rules for mobile apps went into effect in July.
According to a complaint filed by the Center for Digital Democracy, neither Marvel Entertainment, a subsidiary of Disney, nor Sanrio Digital, which offers the Hello Kitty Carnival app, provides adequate notice or obtains verifiable parental consent prior to collecting personal information about users, something that is required by the Childrens Online Privacy Protection Act. This could be the first of many of these types of complaints as Sanrio and Disney are far from the only childrens brands not complying with the new regulation.
Sanrio is not an anomaly, and the FTC has put out at least two reports in the past year on the widespread failings of mobile apps to attempt to comply with privacy disclosure requirements, said Hudson B. Kingston, legal director at Center for Digital Democracy, Washington.
The industry includes small app developers, but noncompliance is evident among the biggest brands of childrens entertainment, and it seems that until these companies see some enforcement by federal and state agencies they will assume they are safe to skirt the law along with their peers, he said.
Considering the length of time that these updated regulations have been on the books the industry does not have any excuses for not making real attempts to comply. This herd-mentality is not a legal calculation that responsible companies should even consider, let alone adopt.
Data collection practices
The updated Childrens Online Privacy Protection Act which was announced a year ago and went into effect in July addresses data collection practices on mobile phones, apps, social media and online games, requiring that marketers provide adequate notice or obtain verifiable parental consent prior to collecting, using or disclosing personal information about their child users.
The Center for Digital Democracy is urging the FTC to investigate both Sanrio Co. and Disney and bring enforcement action against them for not complying.
For example, the Hello Kitty Carnival game app, which has been downloaded more than 1 million times, enables Sanrio and third parties to access and collect unique mobile device identifiers, location-based information and photographs containing images of children, according to the privacy advocacy organization.
The complaint comes at a time that the amount of time children spend with mobile apps is growing as is parents concerns over how to protect their childrens privacy on mobile.
For example, a new report from Kidoz found that 38 percent of parents fear their kids can access mature apps while playing on an unmonitored mobile or tablet device and 38 percent repeatedly check in while their kids play on a mobile device as a form of safeguarding them.
By not adequately addressing mobile privacy, apps targeted at children run the risk of parents deleting their apps as well as of potential fines from the FTC.
With the industry still not complying with COPPA this is a large problem for families where kids have access to new technology, Mr. Kingston said. The market is expanding and if developers continue to ignore privacy concerns as it grows then the problem is going to grow apace.
Companies need to stop treating children like little adults in terms of app monetization and online tracking, or else they are going to face COPPA consequences in the future, he said.
Chantal Tode is associate editor on Mobile Marketer, New York /