For the past year, Moms With Apps has been following the conversation about children’s online privacy, specifically in relation to mobile apps for kids. We have responded to government reports, kept current on proposed recommendations, forged new solutions, and engaged in dialog with everyone from parents to policymakers. Despite these measures, it continues to be challenging to navigate fluid laws in parallel with the rapid pace of innovation.
After two days of meetings in Washington DC with the White House, Federal Trade Commission, and Congressional representatives, we get the impression that efforts by parent app developers to “do the right thing” are appreciated and encouraged. We value the attention from those who listened to our stories about why we create apps for kids, and how our ultimate hope is for these apps to provide educational benefits for families.
In this post I’ll give an overview of what we did, and will conclude with recommendations on where we can go from here…
What was the event? The ACT Flyin is an annual event where software developers have an opportunity to speak to their congressional representatives about issues related to innovation and technology.
Who did we meet? Monday, several of the MWA developers attended a 30 person meeting at the White House. Tuesday we had sessions with Federal Trade Commission attorneys from COPPA proposed rules, Privacy & Identity, Mobile Technology, and the office of a Commissioner. We also met with the offices of our regional Representatives and Senators.
What topics did we cover? The high level topics included spectrum, piracy, and privacy. But the majority of conversations with MWA developers focused on children’s online privacy, and the privacy icon project. At every meeting, I pulled out my marked up copies of the FTC Reports, distributed the privacy icons, and opened dialog about how we use data. Each developer shared stories about how their apps work, how they are marketed, and what type of analytics data is useful to app developers.
Impressions? I am grateful for the time we had with the FTC. Here are the people who are shaping the regulatory framework for children online, and we were able to connect in advance of the final COPPA rule-making. Although it’s tough to get specific answers from lawyers who are in the midst of writing regulation, it was not tough to see that they were interested in our progress.
Where do we go from here? A few ideas…
1. Design Products for Kids With Care – Everyone wants to keep kids safe from harm or exploitation – it’s a globally recognized goal. Laws are designed to uphold child safety, which is why online services for kids under 13 can have more restrictions than products designed for a general audience. When we develop apps for kids, features that involve targeted marketing or personal identity require parental permission by law. Even if your intention isn’t to market to a child, or to identify a child – it’s important to be clear on what could enable those things so as not to get caught in a sticky situation.
2. Understand How Your App Uses Data – Start thinking about your app in terms of how it uses data so that when COPPA is updated, you aren’t caught off guard. In an exercise to try and classify data frameworks in apps, I came up with the following six categories:
Basic – An app that is completely self-contained, with no way to escape except for the home button.
Analytics – Apps plugged into a dashboard where developers can see anonymous, aggregated data with session length, number of users, types of devices, crash reports, and areas of the app people are using most.
Interconnected – What other online services can be instigated from within the app? Can you email, connect to a social network, make a purchase, or connect to the web?
Published Content – What content that I create with the app, can I publish and share from the app? For example, photographs, audio clips, artwork, or text created from within the app to be shared beyond the app.
Multi-User Profiles – Can I set up my own user profiles within my app? For example, can I set up student profiles and access their progress reports? If so, is that information stored centrally or only locally within the app?
Data Collection, Storage, and 3rd Party Functionalities – Can the developer contact users based on what the users input into the app? Does the app query for personal registration from either the app developer or a 3rd party SDK?
Note: My understanding is that only the last scenario, “data collection”, will trigger COPPA under current law. But the proposed rules use language like “requesting, prompting, or encouraging a child to submit personal information online”. So think about that, and evaluate where you fit.
Write a consumer-friendly statement about how the data in your app works, and link this to your full policy. If your app does not use any data, a statement to let people know this can build trust in your brand.
I recommend the Privacy Choice Mobile Policymaker, a tool to auto-generate a policy based on specific features in your app. It also has the “apps for kids” privacy icons (inspired by MWA developers) to inform parents about in-app features prior to download.
4. Privacy icons on your app OR website
5. Realize that “Playing Nice with Data” is a Team Effort
Keeping kids safe online is a team effort. Moms With Apps has taken the steps to stay informed, and to encourage developers to “do the right thing”. We also need parents to stay engaged with their children’s online activities and keep up with technological advances. In addition, we need platform providers, like the app stores, to give developers enough tools to describe, rate and classify their apps so parents can make informed decisions. And finally, we need policymakers to understand that for every “bad” story they hear in the media, there are plenty of “good” stories about how data is being used to improve and enhance our lives.