SAN FRANCISCO (CBS/AP) — A cellphone game for kids about U.S. geography, “Stack the States,” gets rave reviews from parents. Its creator, Dan Russell-Pinson, considered making the 99-cent app better by adding a feature to allow children to play online against one another. But with the Federal Trade Commission issuing more stringent online child privacy rules, he’s not even pursuing the idea.
“It would require all kinds of data sharing,” said Russell-Pinson, the founder and sole employee of Freecloud Design in Charlotte, N.C. “I would be kind of afraid to do that.”
The software industry is bracing for new regulations that it says will stifle creativity and saddle small businesses with legal and technical costs to ensure their cellphone apps don’t run afoul of the rules. The changes, which the FTC is expected to approve this week, would update a 14-year-old law prohibiting the collection of personal information from preteens. It raises these questions: What is the value of a child’s privacy on the Internet, and who should pay for it?
Businesses said they fear that under the trade commission’s proposal, routine transfers of data that pose no threat to a child’s safety will be treated the same as the improper gathering of information that can be used to create detailed user profiles that are highly valued by advertisers. Responsible software developers will err on the side of caution and the result will be less kid-friendly content available on the Internet, they said.
The FTC’s chairman, Jon Leibowitz, defended the government’s approach. “When you are talking about children, you have to give the benefit of the doubt to privacy,” he said last week on Capitol Hill.
The cost of the changes to developers just selling educational apps for kids on Apple’s iTunes store could be as high as $271 million—nearly 100 times what the FTC has projected for all the businesses it expects to be newly covered, according to the Association for Competitive Technology, a Washington-based trade group that represents small and midsize software development companies. The FTC’s estimate is “laughable,” said Morgan Reed, the association’s executive director.
Russell-Pinson said he can afford the expense now. But two years ago, when he was starting his business, he would have been in a real bind. “I didn’t even make $10,000 on my first three apps,” he said.
The FTC has imposed steep fines on companies that have violated the current law, the 1998 Children’s Online Privacy Protection Act. In a 2011 case, a mobile apps developer, W3 Innovations, paid $50,000 to settle charges it illegally collected and stored the email addresses of preteens that downloaded apps called “Emily’s Girl World” and “Emily’s Dress Up.”
The technological shift from desk-bound personal computers to wireless devices is driving the FTC’s push for major revisions to the law, known as COPPA. It was written before an era of cellphones and tablets loaded with apps that can be designed to siphon up a person’s precise location and other personal data highly valued by advertisers and data brokers.
The push for tougher online safeguards is supported by parents concerned about the abundance of apps and the easy access kids have to them. But parents can be a first line of defense, said Leticia Barr, a former schoolteacher who runs the website Tech Savvy Mama. Barr also works as a social media consultant to Location Labs, a provider of mobile safety apps to wireless carriers, and she is occasionally paid by other app developers to review their products.
Before Barr allows her two young children to use an app, she tests it thoroughly so she knows whether it can collect data or contains advertising that might be inappropriate for kids. “That’s just my personal policy, just as I wouldn’t send them over to a stranger’s house to play,” Barr said.
The FTC’s proposed changes prohibit the use of behavioral marketing techniques that target children. The revisions also would expand the definition of personal information to include the location data that comes from a cellphone or tablet, the device’s unique identification number and data-tracking files known as “cookies.”
As evidence for what it said was the need for updated rules, the FTC announced last week it was investigating an unspecified number of app developers which may have violated the law by gathering information from kids without their parent’s consent. The agency examined 400 apps directed at kids that it purchased from Apple’s iTunes store and Google’s apps store, Google Play. The majority failed to inform parents about the types of data the app could gather and who could access it, the FTC said. The agency did not name the companies or say how many it was investigating.
The co-founder of Launchpad Toys in San Francisco, Andy Russell, said he adheres to the current law and supports more stringent privacy protections for preteens. Russell has eight employees, but his apps business is financed with venture capital and isn’t yet profitable. Spending money to ensure he meets the new privacy requirements means it will take him that much longer to get into the black.
“I can’t speak for other developers, but I think there are a lot of people out there who would say: ‘You know what, that’s OK. I’m just going to fold up shop,”’ Russell said.
Under the proposed changes, permission from the parent of a preteen must be verifiable. Russell said that requirement alone could pose a major hurdle. What will qualify as proof that the consent is legitimate? A driver’s license number? A form that is signed and faxed by a parent?
“Nobody uses a fax machine anymore,” Russell said. “Verification is a wonderful thing. But to date there just hasn’t been a good way to do so.”
The need to balance the impact of regulations against their value to the public has long caused conflict between the private sector and policymakers in Washington. The topic of this debate, kids’ privacy, has forced app developers and industry representatives to walk a fine line to avoid being seen as insensitive to an issue parents care deeply about.
The FTC has estimated that 500 existing operators of websites and online services and 125 newly formed businesses would be covered by the rule changes. The overall expense for legal and technical fees to meet the new requirements will be $2.7 million, the agency said. That works out to $9,420 for a new business, and just over $3,000 for an existing one, according to the agency’s figures.
But costs for new and existing operators will probably be the same, said the Association for Competitive Technology’s Reed. Building the required privacy standards into an app already in the market is usually more expensive that adding those features from the start, he said.