1 / 24

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views of the Commission or any individual Commissioner. . FTC Jurisdiction.

ariane
Download Presentation

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views of the Commission or any individual Commissioner.

  2. FTC Jurisdiction • FTC Act (Section 5) prohibits unfair or deceptive acts and practices in or affecting commerce • FTC also enforces 45 other statutes and more than 30 trade regulation rules • Privacy-related standards the FTC enforces include Children’s Online Privacy Protection Act (“COPPA”), as well as other laws, such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act.

  3. FTC Act (Section 5) • Deception a material representation or omission that is likely to mislead consumers acting reasonably under the circumstances • Unfairness practices that cause or are likely to cause substantial injury to consumers that are not outweighed by countervailing benefits to consumers or competition and are not reasonably avoidable by consumers. • Note: Section 5 and COPPA violations often are alleged in tandem – e.g., if you say you don’t collect information from kids under 13, but you do.

  4. FTC Advice for App Developers

  5. Tell the truth about what your app can do. • Disclose key information clearly and conspicuously. • Build privacy considerations in from the start. • Be transparent about your data practices.  • Offer easy to find and easy to use choices. • Honor your privacy promises. • Protect kids’ privacy.  • Collect sensitive information only with consent.  • Keep user data secure.

  6. Children’s Online Privacy Protection Act (COPPA) • COPPA is the only child-specific federal privacy law in the United States. • Among other things, operators of commercial websites and online services must provide NOTICE and obtain parents’ CONSENT before collecting personal information from children under age 13.

  7. COPPA’s Goals • Permit parents to make informed choices about when and how children’s personal information is collected, used, and disclosed online; and • Enable parents to monitor their children’s interactions and help protect them from the risks of inappropriate online disclosures.

  8. Who must comply? • Operators of commercial websites and online services directed to children that collect, maintain, or provide the opportunity to disclose personally identifying information or “PII.” • Operators of general audience sites and services(including teen/tween sites) who have actual knowledge that they collect kids’ PII. • Entities on whose behalf operators collect the information.

  9. “Directed to Children” FTC considers several factors, including: • Subject matter, content, age of models, language, graphics, activities, or incentives; • Whether advertising promoting or appearing on the site or service is directed to children; • Evidence about intended audience; • Empirical evidence about audience composition. • 2011 Proposed Additions: Music & celebrities appealing to children.

  10. “Directed to Children”: Mobile Apps

  11. “Directed to Children”: Social Networks

  12. General Audience • Must have actual knowledge that they collect personal information from children. • “Actual knowledge” can come from asking a child’s age, grade, birthday, other age-identifiers. May also come from notification from a concerned parent or other individual.

  13. What must Operators do under COPPA? • Post a privacy policy and links to the policy wherever personal information is collected. • Give parents direct notice of its information practices. • With certain exceptions, obtain verifiable parental consent before collecting information. And . . .

  14. …Operators also must: • Provide parentsaccessand opportunity to delete child’s personal information and opt-out of future collection. • Limit collection of personal information. • Establish and maintain reasonable procedures to protect the confidentiality, security, and integrityof personal information. • 2011 Proposal: Strengthen security provision; add data retention/deletion requirements

  15. Self-Regulatory Safe Harbor Programs under COPPA • There are 5 approved safe harbors: • Aristotle, Inc. www.aristotle.com/integrity • CARU www.caru.org • ESRB www.esrb.org • Privo, Inc. www.privo.com • TRUSTewww.truste.com • An operator participating in and complying with an FTC-approved safe harbor will be deemed to be in compliance with the Rule.

  16. COPPA Enforcement • FTC actively enforces COPPA. • Agency has filed 20 federal court actions,and has obtained over $7.6 million in civil penalties.

  17. Federal Court Orders • FTC is authorized to seek up to $16,000/violation in penalties, and may also seek: • Deletion of personal information collected without parental consent; • Employee education and written acknowledgement; • Written compliance report to FTC; and • Consumer education.

  18. What is “personal information”(cont’d)?

  19. What is “personal information”? • 2011 Proposal: • Persistent Identifiers not used for “support for internal operations” • Geolocation • Screen-names not used for “support for internal operations” • Photos, Videos • Full name • Physical address • E-mail address • Social Security Number • Telephone number • A screen name revealing e-mail • A persistent identifier combined with personal information or “PI” • Any information tied to PI

  20. Verifiable Parental Consent:2011 Proposed Modifications • Add new methods: electronic scans, video-conferencing, or use of government issued ID that is immediately deleted. • Eliminate Email Plus • 2 new approval procedures: • Commission approval • Safe Harbor approval

  21. FTC Resources for businesses

  22. Exploring the Marketplace

  23. Kids Apps Survey • Reviewed 200 kids apps on Android and 200 on Apple • Looked for disclosures available in App stores or by developers • Very little information disclosed prior to download • Recommendation – app stores, developers and other ecosystem participants need to improve disclosures re data practices

More Related