Last update: October 2021

5 mins to read - 2021/10/08

Reasons to Be Concerned About Data Privacy Breaches in Kids Devices

Whether you’re a parent of a child younger than 13 or a developer of a mobile app with a user base in that age range, data breaches are a #1 concern in this day and age. For parents, the sheer amount of horror stories you hear in the news about data breaches is enough to make you want to take away your kid’s devices until they’re 30. And for app developers, even those with the best of intentions, illicit data activity perpetrated by 3rd-party SDKs integrated into your app is enough for the FTC to penalize you for a COPPA violation. Should you be worried? Yes! Here are a few reasons why you should be data privacy breaches in kids apps and devices. And what you can do – whether as a parent or as an app developer – to make sure kids stay safe while using mobile devices.

Download our Data Security Whitepaper to learn more about OpenBack’s innovative approach to data privacy:

kids data privacy breaches

What Kids Apps Are Committing Data Privacy Breaches?

Right off the bat there are a few repeat offenders. TikTok was fined $5.7 million by the FTC for extensive failures to comply with COPPA, and on top of that was sued for billions in the EU for GDPR violations. Google was fined $170 million in the same year, for its harvesting of children’s data in order to target them with YouTube ads.

And of course, the unholy Trinity – Facebook, WhatsApp, and Instagram – seem to always be perpetrating underhanded dealings with its users’ ill-gotten data. In 2020, Ireland’s Data Protection Commission (DPC) investigated Instagram for concerns over changes in account settings enabling access to children’s contact details if they switched to a business account. And on September 22, 2021, the Irish DPC fined WhatsApp 225 million euros for failing to:

  • provide required privacy information to WhatsApp users, as required by EU General Data Protection Regulation Article 13

  • provide privacy information relevant to contacts of WhatsApp users — “non-users” — whose personal data was processed in order to show users which of their contacts were also WhatsApp users, as required by GDPR Article 14

  • make privacy information available in an “easily accessible form,” as required by GDPR Article 12

It’s Not Just the Tech Giants…

Smaller apps are guilty of breaches in kids’ data privacy as well. Many might think they’re small enough to fly below the radar, but this is very much not the case. Small app publishers such as Hyperbeard and KuuHuub both received fines from the FTC for violating COPPA. And in their case, it was actually a 3rd-party SDK that was doing the illicit harvesting of kids’ data, which which the publishers were found culpable.

How Can Data Privacy Breaches Harm Your Kids?

The repercussions of poor compliance with data privacy regulations is more wide-reaching than getting a fine and a slap on the wrist. Data breaches can harm both children and society in lasting ways. The world is still dealing with the fallout from the Facebook-Cambridge Analytical data breach, and will be doing so for a long time.

But the dangers can hit closer to home as well. Things that a previous generation would have seemed like a storyline out of the Twilight Zone are now very real threats. Smart toys, like Hello Barbie and CloudPets, collect data about your child so their “friendship” can learn and grow. But this large cache of children’s data has proved enticing for hackers, who target kids because of their clean credit histories and social security numbers. What’s more, parents have no control over where your kids’ data is stored, who has access to it, or how long it’s out there. This means that a Facebook picture, or an out-of-context social media post can resurface in the future and cause problems when you’re kid’s trying to apply to colleges or even jobs.

There is also the risk of unscrupulous advertisers targeting your kids with ads that they aren’t savvy enough to realize someone’s trying to sell them something. Worse, with kids’ devices leaving a real-time data trail of their thoughts, behaviors, and geolocation, it’s very possible for harmful actors to seek out your child in real life.

What Can Parents Do?

The best thing a parent can do to keep their kids safe – both in the digital world and in the real one – is to get informed. Common Sense Media has resources and tutorials on how to navigate the world of data privacy. Cynja also provides an app that can educate your kids in a more age-appropriate way about how to manage their privacy online and be discerning in what kind of personal information they give away.

As parents of app users younger than 13, you can monitor your kids’ device usage to an extent. You can also do your research on kids’ privacy certifications. These can be a reliable way of gauging that an app for children has done its due diligence with regard to protecting its users’ data.

data privacy openback webinar

What Can App Developers Do?

Regional data privacy regulations will have resources to help you block out your data privacy strategy. This should be blocked out into 4 main categories:

  • User consent: For kids’ data privacy, apps will have to request their parents’ consent before processing the data of users below a certain age threshold (13 for COPPA, 16 for GDPR-K). We’ll address this further below.
  • Private user data: Any data you process for internal purposes should only be accessible by the user – not by 3rd parties
  • Right to be forgotten: Any data processed should only be kept on the backend server for as long as it’s needed for app UX. And there should be a framework in place to delete user data upon request.
  • Data storage control: Some regulations require data to be stored within the country.

To build trust with users and demonstrate good faith, it’s worth looking into a kids’ safety certification seal. This usually involves taking a course and undergoing an audit of your software, privacy policy, etc.

One way to get started on the road to data privacy compliance is to integrate OpenBack’s mobile engagement SDK into your app for sending push notifications. OpenBack’s hybrid platform uses device-side data processing to ensure that data stays on the user’s device at all times. That way, the user retains full possession of their personal information, and at no time is it accessed by 3rd parties or transferred to a centralized cloud server. Not only does this mean OpenBack is fully compliant with COPPA, GDPR, and other data privacy regulations. It also means you can stay compliant and sent real-time, highly personalized push notifications without needing to request permission to track data.

To learn more about how OpenBack can help your app protect its users’ data privacy, get in touch with one of our experts for a free demo.

Leave a Reply

Your email address will not be published.

two × 2 =


Translate »