What was the lay of the land in 2012? As we reported in Mobile Apps for Kids: Current Privacy Disclosures are Disappointing and Mobile Apps for Kids: Disclosures Still Not Making the Grade, many apps shared kids’ information with third parties without telling parents. Furthermore, Moms and Dads had little or no access to information about the apps’ privacy practices. That put parents in a bind since it made it nearly impossible to evaluate an app’s privacy practices before downloading – in other words, before they had paid for it and before the app started to collect information about their kids.
Our new survey explored similar terrain. This time, we looked at 364 kids’ apps in Google Play or the Apple App Store. We considered disclosures about apps’ privacy practices and interactive features – for example, links to social media. We also downloaded and used the apps to learn about their data collection and sharing practices. (Methodology mavens can get the details here.)
Here’s what we learned about the apps included in our survey: 164 of them (45%) had privacy policies that could be viewed from a direct link on the app store page.
Of the apps we surveyed, an additional 38 include privacy policies in harder-to-find places – for example, within the app or on the app developer’s webpage. Of course, information that’s difficult for parents to locate isn’t likely to be of much benefit to them.
Of all the apps, 48 included short form disclosures in their app descriptions about the sharing of personal information with third parties, the use of persistent identifiers, in-app purchases, social network integration, or the presence of advertising.
We don’t know for certain why there has been an increase in easy-to-locate privacy policies since our last survey, but a few factors may have contributed to this welcome development. First, changes to the FTC’s Children’s Online Privacy Protection Rule took effect in January 2013. The updated rule widened the definition of children’s personal information to include geolocation data, photos, videos, audio recordings, and persistent identifiers like cookies that track a child’s activity online. Perhaps the renewed focus on kids’ privacy encouraged some app developers to be more transparent about their practices, regardless of whether their apps are covered by COPPA.
Whatever the reasons for the increase in direct links to kids’ app privacy policies, it’s a step in the right direction. That said, a significant portion of kids’ apps still leave parents in the dark about the data collected about their children – so there’s more work to be done. Furthermore, for improved disclosures to have any value, they must accurately reflect what the app is up to. We’ll dive deeper into that issue in upcoming blog posts.
A side note on the survey: These findings are part of the third annual Global Privacy Enforcement Network (GPEN) privacy sweep. GPEN connects privacy enforcement authorities to promote and support cross-border cooperation. This year’s GPEN sweep brought together 29 privacy enforcement authorities from around the world. With the explosion in children’s connectivity, the sweep centered on the privacy practices of websites and apps popular among kids.