New guidelines over protecting children?s privacy from the Federal Trade Commission specifically reference mobile apps and device identifiers, promising to impact a wider array of mobile companies.

Following growing concern over a perceived lack of attention paid to users? privacy by mobile companies, the FTC this week updated the Children?s Online Privacy Protection Rule. In one example, the rule clarifies that geolocation, photographs and videos now count as personal information that cannot be collected without parental notice.

?There are a lot of sites and apps that don?t view themselves as covered by COPPA because they don?t sell anything and don?t make users register,? said Jules Polonetsky, director and co-chair of the Future of Privacy Forum, Washington. "But if they track user cookies or device identifies and have an ad network, they are now covered because they allow the ad network to track users.

?You need to make sure that your ad network doesn?t use that information for behavioral advertising or you are responsible,? He said. ?And the fees are heavy.

?Many news companies are also now captured by COPPA because of the way it redefines personal information.?

Several surprises
The new guidelines cover the personal information that Web sites and online services may collect from children under 13.

The concern over mobile privacy is not relegated to children?s apps. Earlier this month, California?s attorney general office sued Delta Airline California?s attorney general office with claims that Delta Air Lines is distributing a mobile app ? its Fly Delta app ? without a privacy policy, which violates the state?s Online Privacy Protection Act.

The new FTC guidelines had been expected, with the agency having initiated a review of the COPPA rule in 2012 to ensure it is keeping up with new technology. However, there are several surprises in the final edition.

The FTC had been considering eliminating email as means for gaining parental consent but, in the end, decided to leave this option alone.

?The important thing that the FTC did is that they reversed their proposal which would have ended a common practice of getting parental consent via email,? Mr. Polonetsky said.

Additionally, the new guidelines allow for continued use of social plug-ins, such as the ability to share on Facebook, as long as the information is not being used for behavioral advertising.

Behavioral ads targeted
A key focus of the rule is ensuring that kids do not continue to be targeted for behavioral ads and makes sites and apps responsible for ensuring that their ad networks are not using the data in this way.

Among the new amendments is one that clarifies that geolocation, photographs and video are included in the list of personal information that cannot be collected without parental notice. Additionally, the rules close a loophole that had allowed children?s apps and Web sites to permit third-parties to collect personal information through plug-ins without parental consent.

?Apps that use location are likely to be unhappy because the rule says that location is personal information and that you can?t track a user?s location without parental permission, even if you are not going to use it for marketing purposes,? Mr. Polonetsky said.

The same is true for apps targeted at children that upload photos or videos, as these are not considered personal information.

COPPA now also covers persistent identifiers such as mobile device IDs. Web site operators are now required to ensure they release children?s personal information only to companies that are capable of keeping it secure and to adopt procedures for data retention and deletion.

The new amendments will go into effect on July 1, 2013.

Smaller app developers
The biggest impact from the new rules may be felt by smaller app developers.

?Most companies that work in kid space - such as Sesame Street or Club Penguin - were already implementing these or similar controls to ensure the safety of their users,? said Scott Michaels, vice president at Atimi Software , Vancouver, Canada.

?The greatest impact will be to the smaller, independent developers, who will now have to ensure their applications follow the guidelines carefully in order to pass the approval process,? he said.
?There are many new, tiny development companies - two guys in a garage don't necessarily have the manpower dedicated to follow up on every developer guideline, so these new regulations will ensure a baseline of safety measures for children.?

Final Take
Chantal Tode is associate editor on Mobile Marketer, New York