EFF urges FTC to address security and privacy problems in daycare and early education apps

powered by Surfing Waves
EFF urges FTC to address security and privacy problems in daycare and early education apps
An EFF study found the apps compromise young children’s data, and current laws don’t address the problem.

SAN FRANCISCO—The Federal Trade Commission must review the lack of privacy and security protections among daycare and early education apps, the Electronic Frontier Foundation (EFF) urged Wednesday in a letter to Chair Lina Khan.

Daycare and preschool applications frequently include notifications of feedings, diaper changes, pictures, activities, and which guardian picked up or dropped off the child—potentially useful features for overcoming separation anxiety of newly enrolled children and their anxious parents.

But EFF Director of Engineering Alexis Hancock’s recent investigation found early education and daycare apps have several troubling security risks. Some allow public access to children’s photos via insecure cloud storage; many have dangerously weak password policies; at least one (Tadpoles for Parents) sends “event” data, including when the app is activated and deactivated, to Facebook; and several enable cleartext traffic that can be exploited by network eavesdroppers.

“Parents find themselves in a bind: either enroll children at a daycare and be forced to share sensitive information with these apps, or don’t enroll them at all,” EFF’s letter to Khan said. “Paths for parents to opt a child out of data sharing are, with rare exception, completely absent.”

“Since parents do not have the tools or proper information to currently assess the privacy and security of their children’s data in daycare and early education apps, the Federal Trade Commission should review the current gaps in the law and assess potential paths to strengthen protections for young children’s data, or investigate other means to improve protections for children’s data in this context,” the letter concludes.

Of 42 daycare apps that EFF researched, 13 companies did not specify the data they collect in their privacy policies. In policies of those that do describe data collection processes, most admitted to sharing sensitive information (such as the average number of diaper changes per day) with third parties. Only 10 of the 42 apps stated in their privacy policies that they did not share data with third parties – but seven of those 10 actually were doing so anyway.

Current laws don’t address the problem. The Children’s Online Privacy Protection Act only applies to operators of online services “directed to” children under 13; early education and daycare apps, however, are used solely by adults like teachers. The Family Educational Rights and Privacy Act also falls short: It restricts schools from disclosing students’ “education records” to certain third parties without parental consent, but does not regulate the actions of third parties who may receive that data, such as daycare apps.

For EFF’s letter to Federal Trade Commission Chair Lina Khan: https://eff.org/document/eff-letter-ftc-daycare-apps-9-28-2022

For more on daycare apps’ privacy and security problems: https://www.eff.org/deeplinks/2022/06/daycare-apps-are-dangerously-insecure

Director of Engineering, Certbot
Senior Staff Technologist

* This article was originally published here


The Washington Gazette works at our discretion with businesses, non-profits, and other organizations. We do not work with socialists, crony capitalists, or disinformation groups. Click the green button below to view our services!

HTML Button Generator

powered by Surfing Waves


SHARE our articles and like our Facebook page and follow us on Twitter!

Post a Comment