During the last several years, there has been explosive growth in the use of mobile technologies, fueling a concomitant increase in privacy-related regulatory activity and class action litigation around the globe. In the U.S., the recent regulatory trend began in earnest last year, when the primary privacy regulator in the U.S., the Federal Trade Commission (FTC), concluded its first enforcement action involving mobile apps.
The FTC reached an agreement with a developer of children’s games for the iPhone, requiring the app developer to pay $50,000 to settle charges that it violated the Children’s Online Privacy Protection Act (COPPA) by illegally collecting and disclosing personal information of tens of thousands of children under the age of 13 without their parents’ prior consent. The settlement was one of many recent reminders that even older laws such as COPPA, which was enacted in 1998, have important implications for new mobile technology.
Consequently, the company sponsoring the app frequently lacks the information necessary to craft an accurate privacy notice. Because OPPA prohibits the handling of data in a manner that is inconsistent with the privacy notice, the company could incur the risk of both an OPPA violation and damage to the company’s relationship with its consumers. In addition, the company runs the risk of joining the long line of companies against which the FTC has brought enforcement actions for inaccurate representations in privacy notices.