Recently, SC Magazine published an article about a company called Path, which settled Federal Trade Commission charges that it violated the Children's Online Privacy Protection Act. The FTC accused Path of collecting personal data from children without parental consent. Path agreed to pay a civil penalty of $800,000 as part of the settlement.
In short, app developers should create, maintain and update their privacy policies, and make sure their policies match their information practices. I like to give clients an easy slogan to remember, “Promise what you can deliver, and deliver what you promise.” If you can put that slogan into practice, you can go a long way toward reducing your privacy legal risk.