The Federal Trade Commission has recently focused its consumer protection efforts on the mobile arena, and particularly video game companies operating in that arena.
Early last year, the FTC issued several staff reports related to mobile commerce and gaming. The reports (1) examined the use of mobile payments (see “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments”), (2) promoted improved privacy disclosures for mobile consumers (see “Mobile Privacy Disclosures, Building Trust through Transparency”) and (3) revised online advertising disclosure guidelines (see “.com Disclosures, How to Make Effective Advertising Disclosures in Digital Advertising”). As with all FTC guidance, such reports do not represent the law. However, the reports do create safe harbors for companies that want to avoid FTC scrutiny.
The FTC further pursued its efforts related to mobile content by sending educational letters to businesses, including video game companies, to assist them in preparing for updates required by the Children’s Online Privacy Protection Act (“COPPA”). The FTC sent its COPPA letters to domestic and foreign companies whose online services, including mobile applications, appeared to collect personal information from children under 13.
COPPA’s requirements went into effect on July 1, 2013. Under COPPA, companies cannot collect, store or transmit “personal information” of children without parental consent. “Personal information” has been broadly defined to include persistent identifiers (e.g., online user names, cookies or mobile ID numbers), photos, videos and audio recordings. In addition to requiring parental consent, companies transmitting any such information must ensure that the recipient keeps such information secure and confidential (and also abide by applicable rules related to how the information is stored and retained). COPPA also applies to information collected within apps by third-parties such as advertising companies. See, Complying With COPPA: Frequently Asked Questions.
This year, the FTC has sustained its protection efforts against fraudulent, deceptive, and unfair business practices in the mobile arena. For example, on March 27, 2014, the Federal Trade Commission approved a settlement with Apple of the FTC’s claim that Apple unfairly charged consumers for gaming and application purchases made by children without their parents’ consent. The FTC’s Complaint noted that “Apple offers thousands of apps for free or a specific dollar amount, including games that children are likely to play. In many instances, after installation, children can obtain virtual items within a game, many of which cost money. Apple bills charges for items that cost money within an app—‘in-app charges’—to the parent.” The FTC claimed that Apple did not notify parents that entering their password would approve a purchase and result in a 15 minute window during which unlimited charges could be incurred, without further parental consent. Apple agreed with the FTC to settle the case by providing full refunds – totaling a minimum of $32.5 million – to any consumer billed for children’s unauthorized or accidental in-app purchases.
The FTC has also settled claims against a children’s gaming company, Fantage.com, for allegedly falsely claiming to comply with international safe harbor privacy rules. According to the FTC’s complaint, the company (which created and hosts a multiplayer online role-playing game directed at children aged 6-16) claimed that it held current certifications under the United States-European Union Safe Harbor framework. The statement was included in the company’s privacy policy. (The Safe Harbor Framework is a voluntary program whereby a company annually self-certifies to the U.S. Department of Commerce that it complies with certain EU privacy principles necessary to meet EU’s privacy standards.) The company had allowed its certification to lapse, and yet continued to represent that it complied with the framework. In the proposed consent order settlement, the company is prohibited from misrepresenting its participation in privacy or data security programs.
Most recently, as of April 17, 2014, the FTC has invited further public comment on mobile security issues as part of its development of a report related thereto. Specifically, the FTC seeks further information on how to protect consumers’ privacy and security through platform design, distribution channels, development practices and the lifecycle of mobile devices.
With the FTC’s emphasis on protecting consumers in the mobile arena, companies operating within that arena must diligently and vigilantly police their own advertising, marketing, data collection and privacy policies to ensure compliance with the FTC’s rules. The FTC’s efforts in this area will only continue to grow, commensurate with society’s increased dependence on mobile commerce and entertainment.