Privacy

Want to Comply With Online Privacy Laws for Kids? Good Luck!


Want to Comply With Online Privacy Laws for Kids? Good Luck!

Photograph by Jennifer Friel Moore/Getty Images

Many developers began holding their breath when changes to COPPA, the federal rule related to children’s online privacy, went into effect in July. Pretty much every app catering to children under 13 was in violation of the law, complained people across the software industry, and it was only a matter of time before the federal government would start handing down big fines.

Four months later, developers are still waiting to exhale. Though the Federal Trade Commission, which enforces the law, says it has not gone after anyone for violating its new provisions, this doesn’t mean that everyone suddenly figured it out. Many developers are still at a loss: Not only are they not complying with the law, they don’t even know how to do so.

Companies in this situation aren’t dying to talk. No one wants to openly acknowledge a failure of compliance with rules, and there’s little to be gained by criticizing an effort to protect children’s privacy. Ask about other people’s apps, however, and people are more forthcoming. “The universal characteristic of these developers that we work with is that they are even further behind than the FTC thinks,” says Matt McDonnell of Famigo, which operates a rating service for children’s apps.

A major sticking point is the counterintuitive requirement that developers collect more information about the users whose privacy is at stake. In the past, many developers of kids’ apps just wouldn’t collect any information on their users. Now companies have to determine which users are under 13 and get parents to sign off on privacy policies. This is basically impossible, says Tim Sparapani, head of governmental relations for the advocacy group App Developers Alliance.

Roy Smith disagrees. On Tuesday he launches AgeCheq, a product for developers that lack ways to get verified parental permission on their own. With a few lines of code from AgeCheq that developers can add to their apps, parents can see exactly what information is being shared and give their permission for it. Until a parent has signed off, an app using AgeCheq simply won’t work.

The process offers a reminder that it’s not easy to verify someone’s identity online. The first time parents verify their identities on a new device, they face a choice: Fill out a paper form with identifying information, sign it, and mail it or fax it to AgeCheq; or pay $10 to run through a series of questions similar to those you have to answer when requesting a credit report. Once AgeCheq is satisfied that a parent is real, it assigns a parental password. Then, for each app using the verification code, the parent can enter the password and activate the app for a child—unlocking, too, maybe six merciful minutes of peace and quiet before the child gets bored.

Even this elaborate process might fall short of the law. Once kids figure out how to game this system, any outmaneuvered developers will be liable for interacting with them without parental consent. Still, says Sparapani, it’s the best solution anyone has come up with. ”Using AgeCheq, you have gotten as close to verifiable identity as possible,” he says. “But there is no certitude there.”

Smith has applied for Safe Harbor status with the FTC—the agency’s acknowledgement that a particular system constitutes an honest attempt to comply with the law. There are currently no systems that the agency has said meet this standard for parental disclosure. A public comment period for two other systems—Imperium and kidSAFE—ended on Monday.

AgeCheq isn’t charging developers that use the service; the company’s business model is based on collecting user data that Smith insists will be stripped of personally identifiable information. If the product catches on, this data could be valuable: Developers would pay for information about how every children’s app is used. ”We are going to know an awful lot of information about what games kids of a certain age are playing,” says Smith.

This will require app developers to start trying to comply with changes to the law.  The best way for that to happen, says Smith, will be the imposition of a few hefty fines. ”My fear while I was creating this over the last six months was that someone was going to get fined and I wasn’t going to be ready,” he says. “Now I’m ready for someone to get spanked.”

Brustein is a writer for Businessweek.com in New York.

The Good Business Issue
LIMITED-TIME OFFER SUBSCRIBE NOW

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus