October 5, 2018
Two Democratic senators — Edward Markey of Massachusetts and Richard Blumenthal of Connecticut — sent a letter on Wednesday to the Federal Trade Commission asking for an investigation into whether the thousands of “child-friendly” apps in the market are actually collecting children’s personal information. To do so would violate a federal law protecting children’s online privacy, since it requires sites and apps targeting persons under 13 years old to obtain verifiable parental permission before collecting data.
The New York Times reports that the private information that these apps may be collecting includes “an email address, a precise location, a phone number or persistent digital ID codes that are used for behavioral advertising.”
The senators’ letter referred to an NYT article published in September that described how toddler-friendly apps like “Fun Kid Racing” and “Masha and the Bear: Free Animal Games for Kids,” sent personal data to outside companies. The same article “also found programs in Google’s Play store and Apple’s App Store that were labeled appropriate for children but, once downloaded, sent personal data without verifiable parental consent.”
Blumenthal and Markey also asked the FTC to look into how Google Play and other app stores determine that the apps are indeed “child-friendly” and comply with the privacy law.
“It’s clear that many companies are violating that law, and that we need to put a spotlight on it and ensure that that type of activity is stopped cold,” said Markey, who wants the FTC to examine what details are being culled and shared and how ad firms make sure app developers are in compliance. The NYT’s findings “were consistent with academic research published this year,” wherein “researchers analyzed nearly 6,000 free children’s Android apps and found that more than half shared data in ways that could violate the law.”
New Mexico’s attorney general sued the maker of “Fun Kid Racing” and Google, Twitter and other companies’ online ad businesses, claiming that they violated the children’s privacy law. Further, the suit posits that, “Google misled parents by allowing the apps to remain in the children’s section of its store and failed to act swiftly when researchers contacted the company with concerns that thousands of apps might be improperly tracking children.”
Google spokesman Aaron Stein and Apple spokesman Tom Neumayr both said that developers are required to comply with the federal children’s privacy law. NYT retested “Masha and the Bear” and found that, “the Android version continued to send precise location information and other data to tracking companies,” whereas the iOS version “also still sent a tracking ID number to an advertising company, although it did not send location data.”
App-maker Indigo Kids, located in Cyprus, said it was working on solving the problem.