The Federal Trade Commission should review privacy and security concerns with daycare and early education apps, the Electronic Frontier Foundation urged in a letter to the agency Wednesday.
To make matters worse, EFF found that many of the apps they researched had been warned previously by a different group of security researchers about the vulnerabilities. Those researchers found that more than half of the 42 apps they looked at did not disclose the use of third-party trackers despite sharing sensitive information such as the number of diaper changes.
“Parents find themselves in a bind: either enroll children at a daycare and be forced to share sensitive information with these apps, or don’t enroll them at all,” EFF’s letter to Khan stated. “Paths for parents to opt a child out of data sharing are, with rare exception, completely absent.”
The FTC is tasked with enforcing the Children’s Online Privacy Protection Act, which controls what data companies can collect from children under 13. However, because daycare apps are collecting children’s data directly from parents and daycare providers, those protections have limited application.
Daycares that receive funding from the Department of Education may be subject to the Family Educational Rights and Privacy Act, which restricts schools from sharing student data. However, many parents have found that evasive privacy policies make it difficult to find out what happens to a student’s data once a third party collects it. That data can even be sent to law enforcement.
“Since parents do not have the tools or proper information to currently assess the privacy and security of their children’s data in daycare and early education apps, the FTC should review the current gaps in the law and assess potential paths to strengthen protections for young children’s data, or investigate other means to improve protections for children’s data in this context,” EFF concludes in the letter.
The request is a challenge for the FTC to deliver on promises made in a May policy statement vowing to scrutinize education technology companies that fail to protect children’s data. The commission has also asked for feedback on potential security requirements for educational technology as a part of its exploratory process for new privacy rules.