With the Federal Trade Commission and the State of California breathing down the necks of mobile app makers, mobile app privacy is a growing concern. A small video game industry privacy group, the Entertainment Software Rating Board aims to fill the mobile app privacy gap by unveiling a privacy certification program for mobile apps today.
Privacy is an issue particularly when it comes to apps made for kids. The FTC last year updated the Children's Online Privacy Protection Act to require more transparency on data collection by mobile-industry players, and conducted a study that found nearly 60% of the apps aimed at kids it studied sent device identification data to app developers or third parties such as ad networks and analytics, a sign of how pervasive mobile-data collection has become. The COPPA update defines mobile device IDs as personal information.
"We were doing lot of the things that were already in the amended [COPPA] rule, however translating that to mobile is a challenge and the biggest challenge is probably parental consent," said Dona Fraser, VP of the ESRB Privacy Certified program.
California Attorney General Kamala Harris put forth guidance for mobile app purveyors last year, including a suggestion that apps provide notice when gathering location data.
The ESRB program offers risk assessment, parental consent verification for apps used by kids under 13, and guidance for short privacy disclosures, as well as compliance monitoring and privacy seals. The nonprofit was founded in 1994 by the Entertainment Software Association. Its 26 member companies include Nintendo and Sony; however some of the biggest mobile gaming app providers such as Farmville maker Zynga and Candy Crush Saga maker Midasplayer International Holding are not, according to Ms. Fraser.
The program applies for all mobile apps, not just those aimed at children. Yet, the organization is a safe harbor program for COPPA. The FTC and California's Attorney General's office have reviewed the new mobile app program, said Ms. Fraser who added, "We haven't received any negative feedback."
The group puts members through a stringent auditing process, grading their privacy efforts and ensuring that they are indeed doing what their privacy policies say they're doing. Members pay fees on a sliding scale based on North American net revenue.
When it comes to privacy for kid-aimed mobile apps, ESRB partners with Verated Technologies to enable parental consent and age verification. Of course, there's no way to ensure that consent is actually coming from mom or dad.
"There's just no way to stop a child from lying," said Ms. Fraser.