It goes without saying that the Children’s Online Privacy Protection Act of 1998 applies to websites, but what about mobile apps? Many app developers are unclear as to the answer as evidenced by the proliferation of apps that violate COPPA.
The answer is simple – yes, the law applies to mobile apps directed at kids under 13 or apps for which children under 13 are known to be using.
COPPA was drafted in 1998, which would seem to be well before the mobile apps craze started. In truth, the first mobile app was technically created in the 1970s when Nokia put a video game called “Snake” on some of its phones. Nonetheless, it is true the explosive popularity of apps as we know them today did not begin until nearly a decade after COPPA was enacted. How then can the FTC claim the law applies to mobile apps? The answer is found in subsection 15 U.S. Code § 6501(2)(A) of the law:
(2) The term “operator”—
(A) means any person who operates a website located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes…
The FTC takes the position that any app that connects to the internet or a large network is an “online service” and thus covered under the law. Following a revision to the FTC COPPA Rule in 2013, the Agency now also takes the position the law applies to third party plugins and ad networks collecting personal information from kids under 13.
The powers that be with the FTC are believed to be very unhappy with the current state of COPPA compliance in the app industry. As smartphones and tablets have exploded in popularity, the Agency has begun performing surveys and general investigations to determine the level of compliance for apps targeting kids. A report issued by the FTC in December 2012 found that level to be abysmally low.
In response, the FTC decided to focus on programs designed to alert and educate businesses in the apps industry to the presence of COPPA and the compliance obligations associated with the law. The strategy proved successful to a point, but there remains a large section of the industry that has not changed. Given this, it is expected the FTC will start pursuing numerous enforcement actions against the app industry over the next few years to give the industry a swift kick in the pants. States such as New Jersey, Maryland and Texas have already started down this road.
The FTC settlement with the company behind the Path app is an example of how enforcement efforts might shake out in the future. Path was charged with violating COPPA based on the fact the management of the company was actually aware there were approximately 3,000 kids under 13 using its app but took no steps to gain parental consent. Proving the claim was simple for the FTC since the registration form for the app required individuals to enter their birth date!
Was Path guilty of violating the law?
Did Path violate the law intentionally and with malice?
A review of the evidence suggests the management team was simply unaware of the COPPA violations. To this end, the company published the following on its blog after resolving the matter:
We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.
Unfortunately, ignorance is not a legal defense. Path paid $800,000 to settle the FTC charges.
Whether you are a developer or company offering apps to the general public, COPPA compliance is a must where the app is either directed at kids under age 13 or kids in this age group are known to use the app. Contact us today to learn more about mobile app compliance and avoiding the fate of Path.