Path found itself in hot water with the Federal Trade Commission when the mobile social network was discovered to be collecting information about its users’ personal data from their mobile devices without consent. After the FTC’s privacy assessment, Path has agreed to pay an $800,000 penalty for violating the Children’s Online Privacy Protections Act (COPPA) and will be subject to auditing every other year for the next 20 years.
To clarify the settlement, Path is getting hit with two penalties for three infractions.
When a user signed up to Path, they were unknowingly exposing their personal information to the social app. Privy to certain private information, and collecting this data in the process, Path had access to user’s birthdays, relevant social media accounts, addresses, phone numbers, and other personal info from a user’s mobile address book. Even if the mobile social network offered the options to “Find friends from contacts,” “Friend friends from Facebook,” or” Invite friends to join Path by email or SMS,” these options were just a ruse, according to the FTC, and misleading.
Following up on this violation, Path’s privacy policy only claimed to collect usage data including IP addresses, operating systems, and browser types. Of course the amount of information Path collected was larger.
The most alarming discovery coming out of Path’s brush with the FTC stems from its oversight for failing to add measures to curb children under the age of 13 from signing up for a Path account, not to mention that Path was also scraping and storing personal information from underaged users. 3,000 children were said to be affected, but Path has since effectively deleted these accounts. For a company that has raised $41.5 million so far, $800,000 is just a flesh wound but the penalty will make the social network think twice. Path acknowledged its shortcomings in a blog post, saying, “From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem.” Path proceeded to underline the importance of the FTC’s rules, “in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA.”
In addition to the six figure penalty, and removal of accounts belonging to under 13 minors, user’s address book information have also been purged. With a renewed privacy program forced by the FTC, Path has zero room for error, at least for the next 20 years.
