Path to pay $800,000 to settle privacy issues with FTC

The social-networking site also will establish a "comprehensive privacy program" and obtain independent privacy assessments every other year for the next 20 years.

Path reached a settlement with the FTC over privacy issues. Screenshot by Shara Tibken/CNET
Path, the social-networking startup, has agreed to pay $800,000 to the U.S. Federal Trade Commission and take other actions to settle charges that Path deceived users by collecting personal information from their mobile device address books without their knowledge and consent.

Along with the fine, the company also will establish a "comprehensive privacy program" and obtain independent privacy assessments every other year for the next 20 years. The fee is to settle charges that Path illegally collected personal information from children without their parents' consent.

The issue stems from a year ago when it was discovered that Path's app automatically uploaded smartphone users' entire address books to its servers. CEO Dave Morin vowed to better protect user data , but the FTC still charged the company with violating the Children's Online Privacy Protection act by collecting personal information from about 3,000 children under the age of 13 without first getting parents' consent.

Path said today in a blog post that for a period of time, its system wasn't automatically rejecting people who indicated they were under 13. It discovered and fixed the issue before the FTC reached out to the company, Path said. It said it hopes others learn from its experience.

"From a developer's perspective, we understand the tendency to focus all attention on the process of building amazing new things," the company said. "It wasn't until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent."

A spokesperson from Path declined to comment further to CNET.

The FTC noted the settlement is part of its effort to make sure companies comply with the privacy policies they make to consumers and that personal information of children isn't collected or shared without parental consent.

Along with the COPPA issues, the FTC also charged that the user interface in Path's iOS app was misleading and provided consumers with no meaningful choice about the collection of their personal data. Version 2.0 of the Path app included an "Add Friends" feature that had three options: Find friends from your contacts, find friends from Facebook, or invite friends to join Path by e-mail or SMS.

However, Path automatically collected and stored personal information from the user's address book even if the user hadn't selected to find friends from contacts. Path stored names, addresses, phone numbers, e-mail addresses, Facebook and Twitter usernames, and birth dates.

The FTC also said Path's privacy policy deceived customers by claiming it automatically collected only certain user information, such as IP address and operating system, when it actually collected the personal information from the mobile device address book.

"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," FTC Chairman Jon Leibowitz said in a press release. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

Path brands itself as "the smart journal" that consists of a series of saved moments -- photos, songs you listened to, places you visited, and so on. It's analogous to Facebook's Timeline feature, but designed to be shared with a more intimate circle of friends. In December, it launched a search feature that sits at the top of the app and retrieves your memories in clever ways.

An $800,000 charge is likely a big blow to the startup. Path last year raised about $30 million from investors , but the company's business model isn't entirely clear. Along with the steps against Path, the FTC also introduced a business guide to help app developers protect user privacy and keep data secure.

Here's Path's full blog post today:

Path and the FTC

Today the United States Federal Trade Commission (FTC) announced that it reached a settlement pending court approval with Path regarding alleged violations of the Children's Online Privacy Protections Act (COPPA). The gist of the FTC's complaint is this: early in Path's history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path.

As you may know, we ask users' their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.

We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer's perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn't until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.

Throughout this experience and now, we stand by our number one commitment to serve our users first.

(Via The Next Web)
 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Mac running slow?

Boost your computer with these five useful tips that will clean up the clutter.