FTC reaches privacy settlement with Path app

The app collected personal information from children and didn't tell users the extent of information it collected, the agency says

The maker of the Path social networking app will pay a US$800,000 civil penalty to settle U.S. Federal Trade Commission charges that it illegally collected personal information from children without parental consent, the agency said Friday.

Path has also settled FTC charges that it collected personal information from users' mobile address books without their knowledge and consent, the FTC said. The settlement requires Path to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for 20 years, FTC Chairman Jon Leibowitz said during a press conference.

Path's social-networking service allows users to keep journals and share them with a network of up to 150 friends. Users can store and share photos, journal entries, their location and the names of songs they are listening to.

The FTC, in its complaint, charged that the user interface in Path's iOS app was misleading and provided users no meaningful choice about the collection of their personal information. Path's version 2.0 provided users with three options for inviting friends, through their contacts, through Facebook or by inviting them to join Path by email or SMS. However, Path automatically collected and stored personal information from the user's mobile device address book even if the user had not selected the "find friends from your contacts" option, the FTC said.

For each contact in the user's mobile device address book, Path automatically collected and stored any available first and last names, addresses, phone numbers, email addresses, Facebook and Twitter user names, and dates of birth, the FTC said.

Path's privacy policy deceived consumers by claiming that it automatically collected only certain user information such as IP address, operating system, browser type, address of referring site, and site activity information, the FTC also alleged. Version 2.0 of the Path app for iOS automatically collected and stored personal information from the user's mobile device address book when the user first launched version 2.0 of the app and each time the user signed back into the account, the agency said.

"This practice, we believe, was deceptive," Leibowitz said.

The agency also charged that Path, which collects birth date information during user registration, violated the U.S. Children's Online Privacy Protection Act by collecting personal information from approximately 3,000 children under the age of 13 without first getting parents' consent. 

Through its apps for both iOS and Android, as well as its website, Path enabled children to create personal journals and share photos, journal entries, their precise location, and the names of songs they were listening to.  Path version 2.0 also collected personal information from a child's address book, including full names, addresses, phone numbers, email addresses, dates of birth and other information, where available, the FTC said.

Path, in a statement on its website, said it has closed a "very small number" of accounts affected by the COPPA rule.

"There was a period of time where our system was not automatically rejecting people who indicated that they were under 13," Path said. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created."

Path said it hopes it can help other developers learn from its experience.

The FTC action should remind others "of the importance of making sure services are in full compliance with rules like COPPA," the company said. "From a developer's perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn't until we gave our account verification system a second look that we realized there was a problem."

The FTC announced the settlement with Path on the same day as the agency released recommendations for mobile privacy practices.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade CommissionJon LeibowitzInternet-based applications and servicesregulationsocial networkinginternetPathgovernmentmobileprivacymobile applicationssecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?