Feb. 1, 2013 at 11:03 AM ET
The developers of Path have agreed to settle Federal Trade Commission (FTC) charges that the social network has deceived users and improperly collected personal information (including that of children). As part of the settlement, they'll have to "establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years." And pay a fine of $800,000.
Path is an app-based social network which allows users to share "moments" — photos, text, geographic locations, song names, and more — with small networks of up to 150 friends. The social network was initially iOS-only, but is now available on Android as well.
The FTC's complaint primarily focuses on the Path iOS app — version 2.0, to be specific — which according to the agency had a misleading user interface which "provided consumers no meaningful choice regarding the collection of their personal information."
When users took advantage of the app's "Add Friends" feature in order to find existing connections on the social network, they were provided with the options to search their contacts, find friends from Facebook, or invite friends via email or SMS. There was just one problem:
"Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not selected the 'Find friends from your contacts' option," a press release by the FTC explains. "For each contact in the user’s mobile device address book, Path automatically collected and stored any available first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames and dates of birth."
The FTC alleges that Path deceived users by claiming that it "only" collects certain information such as IP addresses, browser types, site activity info and similar … rather than snatching up and storing personal information from the users' contacts. This deception was deemed to be a violation of a Children's Online Privacy Protection (COPPA) rule, which requires those who run online services to notify parents and obtain their permission before information is collected from children under the age of 13.
Path's developers explain, in a post on its official blog, that the information belonging to youngsters was collected due to a glitch. "[T]here was a period of time where our system was not automatically rejecting people who indicated that they were under 13," they write. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created."
No matter the explanation, neither this violation nor the overall deception of users is being taken lightly by the FTC. In addition to slamming Path with a civil penalty amounting to $800,000 for the COPPA violation, the agency is also prohibiting it from "making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers’ personal information." Path is also required to delete any information collected from users under the age of 13 (though the social network claims it already deleted the contact information previously gathered).
In a press release, FTC Chairman Jon Leibowitz emphasized that the agency is focusing on consumer privacy violations:
Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers. ... This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.
Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.