Privacy & Information Security Law Blog

On October 22, 2019, the Federal Trade Commission announced that, for the first time, it has brought a case against a developer of “Stalking” Apps. The agency alleges that Retina-X Studios, and its owner, James N. Johns, Jr., developed and marketed three apps that allowed purchasers to surreptitiously monitor the movements and online activities of users of devices on which the apps were installed without the knowledge or permission of the device’s user. The FTC also alleges that the app developer took steps to ensure that a device user would not be aware that the app had been installed, bypassing mobile device manufacturers’ security restrictions and leaving the device vulnerable to cybersecurity risks. The apps were marketed as tools for monitoring the behavior of employees and children. The FTC further alleges that the app developer issued policies that made inaccurate representations regarding the security of their online systems, which were recently found to have been hacked twice during earlier incidents.

The FTC maintains that the developer’s actions compromised consumers’ privacy and exposed their devices to security vulnerabilities. In so doing, they violated both the FTC Act’s prohibition on unfair and deceptive trade practices and the Children’s Online Privacy Protection Act’s (COPPA’s) mandate that information from children under 13 be secured. Under the proposed settlement, Retina-X and Mr. Johns must take steps to require app purchasers to agree to only use the apps to monitor children or employees. Retina-X and Johns must also refrain from further violating COPPA and from misrepresenting the privacy and security protections they have in place for the information they collect. They must also implement a comprehensive information security program and submit to biannual third-party assessments.