Privacy advocates want the FTC to take on invasive daycare apps

Researchers have found some daycare apps share information such as the number of diaper changes with third-parties without disclosing it.

The Federal Trade Commission should review privacy and security concerns with daycare and early education apps, the Electronic Frontier Foundation urged in a letter to the agency Wednesday.

The letter builds on the EFF director of engineering Alexis Hancock’s research, which uncovered a variety of security concerns including the insecure cloud storage of photos of children. In one instance, the daycare app Tadpoles for Parents was sending children’s data to Facebook with no mention in its privacy policy. The company never responded to EFF’s concerns.

To make matters worse, EFF found that many of the apps they researched had been warned previously by a different group of security researchers about the vulnerabilities. Those researchers found that more than half of the 42 apps they looked at did not disclose the use of third-party trackers despite sharing sensitive information such as the number of diaper changes.

“Parents find themselves in a bind: either enroll children at a daycare and be forced to share sensitive information with these apps, or don’t enroll them at all,” EFF’s letter to Khan stated. “Paths for parents to opt a child out of data sharing are, with rare exception, completely absent.”


The FTC is tasked with enforcing the Children’s Online Privacy Protection Act, which controls what data companies can collect from children under 13. However, because daycare apps are collecting children’s data directly from parents and daycare providers, those protections have limited application.

Daycares that receive funding from the Department of Education may be subject to the Family Educational Rights and Privacy Act, which restricts schools from sharing student data. However, many parents have found that evasive privacy policies make it difficult to find out what happens to a student’s data once a third party collects it. That data can even be sent to law enforcement.

“Since parents do not have the tools or proper information to currently assess the privacy and security of their children’s data in daycare and early education apps, the FTC should review the current gaps in the law and assess potential paths to strengthen protections for young children’s data, or investigate other means to improve protections for children’s data in this context,” EFF concludes in the letter.

The request is a challenge for the FTC to deliver on promises made in a May policy statement vowing to scrutinize education technology companies that fail to protect children’s data. The commission has also asked for feedback on potential security requirements for educational technology as a part of its exploratory process for new privacy rules.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts