For the past year, Moms With Apps has been following the conversation about children’s online privacy, specifically in relation to mobile apps for kids. We have responded to government reports, kept current on proposed recommendations, forged new solutions, and engaged in dialog with everyone from parents to policymakers. Despite these measures, it continues to be challenging to navigate fluid laws in parallel with the rapid pace of innovation.
After two days of meetings in Washington DC with the White House, Federal Trade Commission, and Congressional representatives, we get the impression that efforts by parent app developers to “do the right thing” are appreciated and encouraged. We value the attention from those who listened to our stories about why we create apps for kids, and how our ultimate hope is for these apps to provide educational benefits for families.
In this post I’ll give an overview of what we did, and will conclude with recommendations on where we can go from here…
What was the event? The ACT Flyin is an annual event where software developers have an opportunity to speak to their congressional representatives about issues related to innovation and technology.
Which developers attended? Moms With Apps’ attendees included Scott Weiner, Lynette Mattke, Ahmed Siddiqui, Jane Hoffer, Mindy Douglas, Cheryl Bregman, and Lorraine Akemann
Who did we meet? Monday, several of the MWA developers attended a 30 person meeting at the White House. Tuesday we had sessions with Federal Trade Commission attorneys from COPPA proposed rules, Privacy & Identity, Mobile Technology, and the office of a Commissioner. We also met with the offices of our regional Representatives and Senators.
What topics did we cover? The high level topics included spectrum, piracy, and privacy. But the majority of conversations with MWA developers focused on children’s online privacy, and the privacy icon project. At every meeting, I pulled out my marked up copies of the FTC Reports, distributed the privacy icons, and opened dialog about how we use data. Each developer shared stories about how their apps work, how they are marketed, and what type of analytics data is useful to app developers.
Impressions? I am grateful for the time we had with the FTC. Here are the people who are shaping the regulatory framework for children online, and we were able to connect in advance of the final COPPA rule-making. Although it’s tough to get specific answers from lawyers who are in the midst of writing regulation, it was not tough to see that they were interested in our progress.
Where do we go from here? A few ideas…
1. Design Products for Kids With Care – Everyone wants to keep kids safe from harm or exploitation – it’s a globally recognized goal. Laws are designed to uphold child safety, which is why online services for kids under 13 can have more restrictions than products designed for a general audience. When we develop apps for kids, features that involve targeted marketing or personal identity require parental permission by law. Even if your intention isn’t to market to a child, or to identify a child – it’s important to be clear on what could enable those things so as not to get caught in a sticky situation.
2. Understand How Your App Uses Data – Start thinking about your app in terms of how it uses data so that when COPPA is updated, you aren’t caught off guard. In an exercise to try and classify data frameworks in apps, I came up with the following six categories:
Basic – An app that is completely self-contained, with no way to escape except for the home button.
Analytics – Apps plugged into a dashboard where developers can see anonymous, aggregated data with session length, number of users, types of devices, crash reports, and areas of the app people are using most.
Interconnected – What other online services can be instigated from within the app? Can you email, connect to a social network, make a purchase, or connect to the web?
Published Content – What content that I create with the app, can I publish and share from the app? For example, photographs, audio clips, artwork, or text created from within the app to be shared beyond the app.
Multi-User Profiles – Can I set up my own user profiles within my app? For example, can I set up student profiles and access their progress reports? If so, is that information stored centrally or only locally within the app?
Data Collection, Storage, and 3rd Party Functionalities – Can the developer contact users based on what the users input into the app? Does the app query for personal registration from either the app developer or a 3rd party SDK?
Note: My understanding is that only the last scenario, “data collection”, will trigger COPPA under current law. But the proposed rules use language like “requesting, prompting, or encouraging a child to submit personal information online”. So think about that, and evaluate where you fit.
3. Check your privacy policy. Does it describe how your mobile app uses data in a way that is clear to the reader?
Write a consumer-friendly statement about how the data in your app works, and link this to your full policy. If your app does not use any data, a statement to let people know this can build trust in your brand.
I recommend the Privacy Choice Mobile Policymaker, a tool to auto-generate a policy based on specific features in your app. It also has the “apps for kids” privacy icons (inspired by MWA developers) to inform parents about in-app features prior to download.
4. Privacy icons on your app OR website
Some developers are moving forward with privacy icons embedded in the screenshots of their app descriptions. However, I’m hearing from developers that the graphic design adjustments can time consuming, and the badge takes up valuable real-estate from the app. Another option is to embed the HTML code from the Privacy Choice icons on your website, to point to your company privacy policy.
Until the platform providers dedicate a section of the app store description to privacy, developers can show a good-faith effort by providing a privacy policy URL and brief disclosure statement in their app’s metadata. Given the California Attorney General’s position on privacy with the platform providers, it looks likely that privacy policies and/or iconic disclosures will become a standard part of the app store description.
5. Realize that “Playing Nice with Data” is a Team Effort
Keeping kids safe online is a team effort. Moms With Apps has taken the steps to stay informed, and to encourage developers to “do the right thing”. We also need parents to stay engaged with their children’s online activities and keep up with technological advances. In addition, we need platform providers, like the app stores, to give developers enough tools to describe, rate and classify their apps so parents can make informed decisions. And finally, we need policymakers to understand that for every “bad” story they hear in the media, there are plenty of “good” stories about how data is being used to improve and enhance our lives.
I tell the parents I work with that we all need to be technically savvy as it’s really no good putting our head in the sand over the technology – kids need guidelines and rules and boundaries just like they do for homework, staying out or tidying their rooms. Keep up the excellent work you do !
Sue Atkins
Author of ‘Parenting Made Easy – How To Raise Happy Children’
Thanks to the whole crew who represented us on the capital! I know all of the developers appreciate your hard work and tenacity to represent the good work we’re trying to do to create great apps for kids.
Thanks Libby!
Great post Lorraine! Thanks so much to all the developers who made the trip and represented us on Capitol Hill! I can now say Penelope made it to Washington DC! =) Thanks again.
I am so ecstatic to find your site, and this post in particular. As a future developer of apps for kids, this touches on so so many points of what I feel like many other app developers have been doing wrong (and correspondingly, I plan to do right.)