The Federal Trade Commission (FTC) has alleged that the developer of three “stalking” apps violated the Children’s Online Privacy Protection Act.
The FTC has given its final approval to a settlement with the developer of the apps, MobileSpy, PhoneSheriff and TeenShield – Retina-X Studios, over allegations that the company and its owner failed to secure the data collected by the apps, and ensure the apps were used for legitimate purposes.
The apps had allowed purchasers to monitor the mobile devices on which the apps were installed, without the user’s permission or knowledge. By requiring purchasers to bypass mobile device manufacturer restrictions, the FTC alleged that the stalking apps compromised the security of the devices.
Additionally, the FTC adds that whilst Retina-X claims that in its legal policies, the apps were intended for the monitoring of employees and children, the developer did not take the steps to ensure that its apps were being used for those purposes.
The FTC also alleged that the developer failed to adopt and implement reasonable information security policies and procedures, and conduct adequate oversight of its service providers.
It is further alleged that Retina-X breached the Children’s Online Privacy Protection Act (COPPA) by failing to take reasonable measures to secure the personal information it collected from children.
Subsequently, under the settlement both Retina-X and its owner, James N. Johns Jr, are “prohibited from promoting, selling, or distributing apps that monitor consumers’ mobile devices unless they take certain steps to ensure the apps will only be used for legitimate purposes.”
“They also are prohibited from promoting, selling, or distributing any monitoring app that requires users to circumvent a device’s security protections to install the app, without ensuring the app will be used for legitimate purposes. Other provisions of the settlement require that Retina-X and Johns delete the data they collected from the stalking apps and implement a comprehensive information security program designed to protect the personal information they collect.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/