Why marketing apps to kids is still largely unregulated

Failed attempts at self-enforcement and a toothless FTC have created a Wild West among mobile products targeted to children

In 2013, a company called Toy Box Apps marketed an app called Mall Girl to kids with an interesting premise: The app provided a virtual pet and warned kids that if they didn’t purchase virtual food, the pet would be taken to the pound. 

The app, which was marketed via Apple’s App Store, provided the food for payments starting at $1.99 and ranging up to $99. 

In that case, the Children’s Advertising Review Unit — an advertising self-regulating body that’s a branch of the Better Business Bureau — intervened. CARU "recommended" that Toy Box Apps pull the feature, which the company eventually did. 

While that was a victory for the industry against app developers who prey on children, the truth is that many don’t get caught. 

Because app developers don’t fit the typical profile of marketers, most aren’t in the habit of checking in with CARU. The Federal Trade Commission, meanwhile, has rarely taken action against such companies, even though there are stringent rules about marketing to kids under 13 via apps. As a result, there’s a largely unregulated industry that markets to kids on mobile, a platform where they’re spending more and more time. 

How much?

In 2013, a survey by Common Sense Media showed 75% of kids under eight had access to a smartphone or tablet. An October 2015 study by the organization found that tweens spend one hour, 19 minutes a day playing video, computer or mobile games. 

Critics say that the advent of mobile media has prompted marketers to get sneakier. By making terms-of-service language hard to access and employing behavioral targeting, such marketers are able to aim their pitches at kids whom psychologists say are too young to distinguish advertising from content

While the Federal Trade Commission has taken the lead in addressing mobile marketing to kids, the agency seldom takes action. In the absence of vigorous government protection, the marketing and ad industry relies on the Children’s Advertising Review Unit (CARU), a branch of the Better Business Bureau that allows the industry to self-regulate. 

Toothless regulation
Since 1998, the federal government’s Children’s Online Privacy Protection Act (COPPA) has required marketers targeting kids under 13 to make their privacy policy clear and get the consent of a parent or guardian before they target children for data collection. The Federal Trade Commission has only fined errant companies about two dozen times in 17 years. Though such fines are in the six- or seven figures range, the odds are against getting caught, says Richard Chapo, a San Diego-based attorney who helps companies comply with COPPA. 

"They’re pretty much a disgrace," Chapo says of the FTC. "Most of us in the field are convinced that there’s a desk in a basement covered in dust and an old rotary phone that’s supposed to be the COPPA enforcement department. It’s laughably bad." Chapo says a lot of companies risk flouting the laws because there are so few enforcement actions. In addition, because complying with COPPA often means forgoing advertising, it’s very expensive to do so. 

The FTC amended COPPA in 2013 to include app makers. Nevertheless, as the FTC itself noted in a Sept. 3 press release, only 45% of app makers comply with COPPA. A 2015 analysis by the Global Privacy Enforcement Network, meanwhile, found that 78% of app makers did not "use simple language or present warnings that could easily be read and understood by children." 

On a positive note, the FTC did crack down on Apple for its billing practices. The agency drew a settlement of at least $32.5 million, which was refunded to customers last year, for failing to notify parents that after they enter their passwords there’s a 15-minute window in which their kids can make one-click purchases. Google refunded customers $19 million last year for a similar infraction after the FTC cracked down. Both Apple and Google have since changed their billing practices.

CARU enforcement
While the FTC regulations address data collection, they wouldn’t apply to ethically shady practices of the kind that Toy Box Apps employed. In those cases, CARU is the industry’s best defense. CARU isn’t an enforcement agency per se, but instead is a safe harbor organization, meaning members who are vetted by CARU can avoid being penalized by the government.

However, the agency only has six full-time employees and most of its focus is still on TV. "One of the big challenges for us has been how do you monitor in the digital space?" says Lee Peeler, president and CEO of the Advertising Self-Regulatory Council, which runs CARU. "In the old world there are a set of pretty clear conventions about how you make sure that kids know about the commercial intent of the media they’re watching and pretty clear issues about how you separate commercial messages from content, one of the big issues for us and the industry is what that looks like in the digital space."

Nevertheless, CARU has pushed way more COPPA cases than the FTC has. Peeler says the organization is closing in on 300 such cases. Most have involved websites, but some have gone after app makers as well. 

Last month, the organization charged that Kiloo’s Subway Surfer app wasn’t complying with COPPA because it was not screening for age or obtaining parental consent for its data collection. Kiloo argued that the game, which featured a character named Jake that Kiloo describes as a "youthful hooligan," wasn’t aimed at kids. After CARU’s dispute, Kiloo modified the game to issue a new privacy policy.

"It’s challenging for us because there are a lot of new entrants to the industry that don’t know about CARU," Peeler says. 

Not enough?
Susan Linn, a longtime critic of marketing aimed at children and author of the 2004 book Consuming Kids, says that there are rampant examples of predatory marketing aimed at children among app makers. One is "host-selling," a practice that’s banned on TV in which the ostensible host of a show (or in this case, an app) makes a pitch directly to kids. 

Alphabet’s YouTube Kids app, for instance, includes a McDonald’s channel, which Linn views as an example of host selling. (There is an FTC complaint over the app. YouTube has responded by saying that it worked with child advocacy groups on the app and disagreed that ad-supported media aimed at kids is inappropriate.)

"Between the apps, advergaming and the product placement in videogames, what it means is that advertising for children is more pervasive and sneakier than ever before," she says. Linn also dismisses CARU’s enforcement: "Self-regulation wasn’t working before all these things. It’s certainly not working now."

App marketing realpolitik
Roy Smith, the CEO of AgeCheq, a company that helps app makers comply with COPPA, says that generally the bigger companies are acting in line with the law, but smaller players aren’t, and they are benefiting. For example, King, the maker of the popular Candy Crush Saga game, just got bought by Activision for $6 billion. "How many kids under 13 play Candy Crush if there’s 500 million players per month? Is it 5%? That’s 25 million kids," he says. 

King’s terms of service state that children under 13 can’t use the game. Smith believes that warning is widely ignored. However, Smith says that big brands like Lego, Disney and EA Sports are complying with COPPA because they realize that they’re targets for a fat FTC fine. "If the FTC does wake up one day and decides that they want to do some enforcement, it’s unlikely that it’s going to be two kids in a college dorm room." 

A solution from Europe?
Smith says there’s one thing that could bring the current Wild West environment among app makers to a close: On 0ct. 6, in the wake of Edward Snowden’s revelations about US government snooping, the European Court of Justice invalidated the longstanding safe-harbor agreement between the US and Europe. That means that app makers who market in both regions will have to create separate data centers in the US and Europe unless the EU and the US draft a new agreement.

Since the EU is much more stringent about data privacy, Smith believes that a new safe-harbor agreement could hold app makers more accountable to COPPA. 

"Ironically, EU enforcement is going to be what makes American companies comply with COPPA," he says. "Because the US government’s done nothing."

Start Your Free 30-Day Free Trial

Get the very latest news and insight from Campaign with unrestricted access to campaignlive.com, plus get exclusive discounts to Campaign events.

Become a subscriber


Don’t miss your daily fix of breaking news, latest work, advice and commentary.

register free