New Survey on App Stores and Account Info Sharing – What This Means for COPPA


FPF is committed to helping the app marketplace comply with the FTC’s revised Children’s Online Privacy Protection Act (COPPA) rule.  As explained in our public comments filed with the FTC, we think that one way to help companies and parents alike is to encourage collaboration.  For example, by leveraging a common platform, “operators” under the rule could provide streamlined notice and obtain verifiable consent from parents using an easy-to-understand and manageable approach.  This way, parents aren’t overwhelmed by countless notices and consent processes, and “operators” under the rule can fulfill their COPPA obligations in a practical manner.

However, in its COPPA FAQs, the FTC said that a parent’s app store account number and password alone aren’t sufficient to establish consent under the rule:  “The mere entry of an app store account number or password, without other indicia of reliability (e.g., knowledge-based authentication questions or verification of government identification), does not provide sufficient assurance that the person entering the account or password information is the parent, and not the child.”  The assumption appears to be that parents share their account names and passwords with their children.

As part of our mission to give policy makers more data to inform their decision making, we recently commissioned Harris Interactive to conduct a survey online among U.S. adults to better understand whether parents share account information with their kids.  We identified parents with children ages 3-12 who own smartphones, tablets, and/or e-readers and have an app store account, and asked whether those parents have ever shared their account name and password with their children so that their kids could download free apps or purchase apps.  The results show that 72% have never shared this information with their kids.  And, for the less than 100 parents surveyed who have, most require that their kids ask permission before using their account information to download free apps or purchase apps: only 4% of those parents surveyed said their kids did not have to first ask permission before downloading free apps or purchasing apps.

So what does this mean?  This is a recent poll, and we certainly plan to study it in greater depth.  But it suggests that most parents keep their app store account information private – they don’t just hand it over to their kids.  And, for those that do share this information, there are rules in place so that kids have to get permission first.

This is encouraging for those of us that want to answer the FTC’s call for better notices and simpler yet effective choices.  We want to avoid overly long, overly detailed privacy policies by giving parents a general up-front notice, and provide more specific notice at a time that is most relevant to the parent.  We want parents to be able to easily provide verifiable consent in a way that complies with COPPA but doesn’t subject them to duplicative procedures.

As the app market continues to grow, the Commission is right to be concerned about apps targeting children and COPPA compliance.  It just makes sense to leverage existing platforms and relationships to provide parents and operators with smart, innovative, and common sense notice and consent mechanisms.  Hopefully, these findings will encourage policy makers to help do just that.

For complete survey methodology, including weighting variables, please contact [email protected] or call (202) 642-9142.