Pixalate Child-Directed Apps Privacy Risk Report

Pixalate released the Q1 2023 Children’s Privacy Risk Report for Mobile Apps. The report is part of Pixalate’s Privacy Disclosure & Compliance Series and features a comprehensive analysis of privacy policies across nearly 1,000 popular U.S.-registered likely child-directed mobile apps in the Apple App Store and Google Play Store.

Pixalate evaluated child-directed apps and their potential threat to the privacy of children online, focusing on U.S.-registered apps that collect, use, or disclose personal information which would trigger privacy practices disclosure obligations under the COPPA Rule.

The apps were manually reviewed by the educators on Pixalate’s Trust & Safety Advisory Board to determine their likely intended audience. A total of 935 U.S.-registered apps active in Q1 2023 were reviewed, 859 of which are likely subject to the COPPA Rule.

Key Findings:

  • 193 (23%) of the 859 U.S.-registered apps likely subject to COPPA in the Google Play Store and Apple App Store were found likely non-compliant with COPPA’s disclosure obligations.
  • 4% (33) failed to comply with COPPA’s online notice provision by not posting a privacy policy.
  • 22% of Google and 13% of Apple apps with a privacy policy did not meet the disclosure obligations of COPPA.
  • 17% of apps that collect data about children either had no privacy policy (33) or did not include a privacy policy disclosure describing how they handle children’s data within its privacy policy (110), likely violating the COPPA Rule.

“We continue to be surprised that the standards for apps in the Google Play Store and Apple App Store are not markedly higher for child-directed apps,” said Allison Lefrak, SVP of Public Policy, Ads Privacy and COPPA Compliance at Pixalate. “With nearly one-quarter of the most popular U.S.-registered mobile apps likely in breach of COPPA’s requirements related to online privacy policies, the mobile app stores need to act as responsible gatekeepers and remove developers that are failing to be transparent with parents about their data collection practices.”

More about Pixalate’s Privacy Compliance Methodology:

COPPA requires operators of apps that collect, use, or disclose personal information from children to post an online privacy policy. To be COPPA compliant, the privacy policy must disclose (16 C.F.R. § 312.4 (d) (1-3):

  • The name, address, telephone number, and email address of all operators collecting or maintaining personal information through the app;
  • A description of what information the operator collects from children, including whether the operator enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information;
  • The procedures by which a parent can review or have deleted the child’s personal information and refuse to permit its further collection or use.

For Pixalate’s technology to deem an app as likely non-compliant with the COPPA Rule, one or more of the following deficiencies must have been identified:

  • No privacy policy URL detected in app store.
  • A URL was detected in the app store, but it did not actually point to a privacy policy.
  • A privacy policy was detected but it did not meet the COPPA Rule’s disclosure obligations, according to Pixalate’s analysis.

To learn more about Pixalate click here.

Related news:

The Cisco Broadband Survey Releases Evolving Consumer Expectations

Generative AI Adoption Fueling Employee Productivity, Insight Survey Finds