The U.S. Federal Trade Commission announced today that Path has agreed to settle FTC charges that it deceived users by collecting personal info from mobile device address books without users’ knowledge and consent and violated COPPA .
Path is now required to establish a “comprehensive” privacy program, obtain independent privacy assessments every other year for the next 20 years (similar terms to what Google and Facebook have had to agree to in the past), and pay $800,000 for the COPPA violation.
The FTC charged that Path violated the COPPA rule by not spelling out its collection, use and disclosure policy for children’s personal info, not providing parents with direct notice of its collection, use and disclosure policy for children’s personal info, and not obtaining verifiable parental consent before collecting children’s personal info.
Path is also required to delete info collected from children under the age of 13. The company has already deleted the address book info that it collected during the time period for what the FTC calls its “deceptive practices” took place.
“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
In related news, Leibowitz announced his resignation as FTC Chairman today. He will step down on February 15.
Path recently launched a new search feature, which lets you search “moments” your friends and family have shared on Path or other social networks like Facebook, Instagram and Foursquare.
Update: Path has issued its response to the FTC’s announcement. The company says:
Today the United States Federal Trade Commission (FTC) announced that it reached a settlement pending court approval with Path regarding alleged violations of the Children’s Online Privacy Protections Act (COPPA). The gist of the FTC’s complaint is this: early in Path’s history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path.
As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.
We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.
Throughout this experience and now, we stand by our number one commitment to serve our users first.