Google has purged the wildly popular Number Coloring, Princess Salon, and Cats & Cosplay apps from the Play Store. The apps were banned following an investigation by the International Digital Accountability Council (IDAC). They were found to have engaged in persistent data collection practices in apps used by children, in contravention of Google statutes.
Developers of apps targeting children are guided by an especially stringent set of policies, unlike general audience app creators. Among the stipulations is that the content provided should be appropriate for children. They are also obliged to use Google Play certified ad SDKs for ad displays ads, while refraining from Interest-based targeting, and retargeting.
The developers reportedly used Android Advertising ID (AAID) technology which deploys persistent identifiers. They also tapped Android ID which can be used for device targeting. When it comes to user data collection, kids’ app designers are required to disclose any personal identifiable information to be collected, including via APIs and SDKs. The information includes microphone, authentication information, device data, and advertising ID. Google has said that it is working with privacy organizations to prevent developers from flaunting the rules.
International privacy bodies are moving to further regulate information collected by tech companies, especially related to the children demographic. Facebook is already under investigation in Europe by the Ireland’s Data Protection Commissioner (DPC) for potentially failing to implement sufficient data protection measures for users aged below 18 years.
At the heart of the latest saga is Instagram. Investigators are looking at whether Facebook breached privacy laws by failing to protect kids’ user data on Instagram. This is by allowing sensitive information such as phone numbers and email addresses of minors to be made public on the platform. Facebook has denied flaunting any data-privacy related rules but announced that it is cooperating with the Ireland’s DPC.
The DPC agency is the top EU data regulator. Part of its mandate is to enforce the EU General Data Protection Regulation (GDPR) provisions that were enacted in 2018. The body also has the power to issue fines once evidence of a breach is found. The DPC is looking into whether Facebook is even legally allowed to process children’s personal data.