Children's Apps Potentially Violating Federal Data Privacy Rules

Over 40% of applications targeting children available on the Google Play Store might be infringing upon federal guidelines governing children's data privacy, as stated in a report unveiled on Thursday.

Investigators from Comparitech examined approximately 500 of the most popular child-oriented applications accessible through Google's application marketplace, scrutinizing their privacy policies to determine if they met crucial requirements established by the Children's Online Privacy Protection Act. They also investigated what personal information could be gathered by each application and whether each application's privacy policy included a "clear and concise" section elucidating its data collection practices.

COPPA, implemented by the US Federal Trade Commission, establishes guidelines for how applications, websites, and other online services should handle the personal data of children under 13 years of age.

According to Comparitech, the investigators discovered some form of potential COPPA violation in 222, or nearly 45%, of the applications they analyzed. Furthermore, while the majority of these applications mentioned the significance of safeguarding children's data in their policies, they failed to implement sufficient practices to achieve this, Comparitech reported.

The new figures indicate a decline in compliance from a similar Comparitech study conducted last year that found one in four applications to be potentially non-compliant, along with 2022 research suggesting possible issues with one in five applications.

In response to the report, Google stated that it takes the protection of children seriously and that its application marketplace "has policies and processes in place" to help safeguard children on the platform.

More than half the applications were deemed to be seemingly in violation of COPPA because they appeared to be collecting children's data without COPPA-mandated protocols in place, the researchers said. This could include failing to request parental consent before gathering data. Additionally, about 15% of the questionable applications seemed to be collecting personal information of children without having the COPPA-mandated child data collection policy in place.

The researchers also cautioned that just because an application appears to be safe for children, that doesn't guarantee their privacy rights will be respected. All the applications that appeared to be in violation of COPPA displayed "teacher approved" badges, which indicate that they've undergone additional reviews by educators and other experts who examine characteristics such as appeal to children and age appropriateness.

Moreover, 31, or about 6%, of the total number of applications investigated, claimed in their privacy policies that they weren't intended for use by children, and therefore not subject to COPPA regulations, despite being listed in the Play Store's "E for Everyone" category.