The global nature of the Internet does not lend itself well to the enforcement of laws in specific countries against entities in another location due to cross-border technical legal issues. The Global Privacy Enforcement Network [“GPEN”] is an organization created to encourage discourse between agencies responsible for privacy law enforcement in different countries. Although GPEN is a little-known entity, it is now relevant to mobile app providers across the world because the FTC has just announced 27 countries participating in GPEN have agreed to assist the FTC with COPPA efforts.
The Global Privacy Enforcement Network was founded in 2006. The member countries now total more than 50 and include Albania, Argentina, Australia, Belgium, Bulgaria, Canada, China, Colombia, Czech Republic, European Union, Estonia, France, Germany, Gibraltar, Guernsey, Hungary, Ireland, Isle of Man, Israel, Italy, Korea, Kosovo, Lithuania, Luxembourg, Macedonia, Mauritius, Mexico, Moldova, Monaco, Netherlands, New Zealand, Norway, Poland, Singapore, Slovenia, Spain, Switzerland, Ukraine, United Kingdom, and the United States.
The value of GPEN has been primarily in creating a forum for the exchange of information by privacy agencies to facilitate policy development. Rumblings of a more active role in enforcement actions have long been rumored, but little tangible action has actually come to fruition. Put another way – plenty of conferences, but not much else.
Privacy and Mobile Apps
On May 11, 2015, the FTC issued a vague press release noting 27 members of GPEN appear to be willing to assist the FTC with COPPA. What, when and how these members will provide assistance is not detailed by the Commission. Instead, the FTC reports the Commission’s Office of Technology Research and Investigation will conduct an analysis of mobile apps directed at children under 13 with a focus on:
- Privacy disclosures,
- Interactive features, and
- Information collection practices.
The FTC intends to issue a report detailing the finding later in 2015.
If the mention of an FTC COPPA study on mobile apps sounds vaguely familiar, it should. The Commission previously investigated the mobile app field in February of 2012 and again in December of 2012. Not to be outdone, GPEN apparently performed another examination of 1,200 mobile apps in 2014. While it is not clear what role the FTC played in the 2014 study, one can’t help wonder if these studies will ever result in tangible action. The only FTC enforcement efforts to this point have been the settlements with Yelp and TinyCo, both situations involving blatant COPPA violations.
Does the FTC GPEN signal the ramping up of a substantive effort to enforce COPPA against mobile apps across borders? The vague press release issued by the FTC does not inspire confidence nor does the following quote and accompanying photo.
“I was pleased to participate in the GPEN workshop in Mauritius last year. I am proud to see, as this report shows [2014 annual GPEN report], GPEN’s continued growth and development of new initiatives. GPEN’s practical focus on establishing and improving mechanisms for enforcement cooperation around the globe is vital to protecting consumers in our interconnected world.”
– Chairwoman Edith Ramirez of the US Federal Trade Commission
The question is whether a conference in Mauritius is a productive event where real policy and enforcement plans are formulated or…well, you decide:
Richard A. Chapo, Esq.