The trade commission and the Obama administration last year issued separate sets of recommendations for safeguarding consumers’ online privacy, and the subject has attracted growing concern in Congress.
But most of the focus to date, particularly with do-not-track policies, has been on internet browsers commonly used at home but not on mobile phones. Do-not-track features let users request that their footsteps not be followed as they move around online.
The commission and the administration have begun to focus on mobile data privacy partly because smartphones let so many entities gain access to personal information, including wireless service providers, mobile operating system developers, handset manufacturers, app companies, analytics outfits and advertisers — “a degree unprecedented in the desktop environment,” the report said.
The activities of Path, a company in San Francisco, illustrate some of the FTC’s concerns. The company developed a social networking app that allows people to keep an online journal about moments in their lives, including written entries, photos, music to which they are listening and their location. A user can share a journal with up to 150 people. The app has been installed more than 2.5 million times.
In fact, the commission said, Path was collecting personal details including addresses, phone numbers, usernames for Facebook and Twitter, as well as dates of birth.
The company also collected some of that information from users who, in signing up for the service, indicated that they were under age 13 without permission of their parents or disclosure of how it would use the information — violations of rules adopted under the US Children’s Online Privacy Protection Act.
In a statement posted on its Web site, Path said that “there was a period of time where our system was not automatically rejecting people who indicated that they were under 13.” But even before the FTC. contacted the company, Path said, “we discovered and fixed this sign-up process qualification and took further action by suspending any underage accounts that had mistakenly been allowed to be created.”
The FTC staff report, which was approved by a 4-to-0 vote, with one commission member not participating, recognised that steps were already being taken to adopt best practices for privacy protection. Among them is the creation of a group, Moms With Apps, which developed a badge icon to alert parents to the advertising and data-collection practices of apps aimed at children.
Sign up for CIO Asia eNewsletters.