Social Network Path Penalized $800K by FTC for Consumer Privacy Violations16 Apr, 2013 By: Arthur Yoon, Jeffrey Richter
Path is the operator of a social networking service similar to Facebook that allows users through a mobile application (app) to upload, store and share photos, messages, geographic locations and other similar data with small networks of up to 150 friends. Although Path is a small emerging technology company with most consumers unfamiliar with its services, the Federal Trade Commission (FTC) filed a strict enforcement action against it for consumer privacy violations. The FTC charged Path with deceiving its users and improperly collecting personal information, including that of children, and ultimately assessed Path with an $800,000 civil penalty after the company agreed to settle the charges.
The FTC's complaint against Path primarily focuses on its mobile application for Apple devices that, according to the agency, had a misleading user interface that provided consumers no meaningful choice regarding the collection of their personal information. In version 2.0 of its app for Apple devices, Path offered a “Find friends from your contacts” feature that a user can select to help the user add new connections to the user’s networks. However, according to the FTC, Path automatically collected and stored personal information, such as first and last names, addresses, phone numbers, E-mail addresses and dates of birth from the user’s mobile device address book even if the user had not selected that feature.
Through its apps, Path enabled children to create personal journals and upload, store and share photos, messages, precise locations and the names of songs to which the child was listening. The FTC alleged that Path violated COPPA by collecting personal information from a child’s address book, including full names, addresses, phone numbers, E-mail addresses and dates of birth without first obtaining the consent of the child’s parents.
The settlement requires Path to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company also will pay an $800,000 civil penalty to settle the charges that it illegally collected personal information from children without their parents’ consent. Path is further prohibited from making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers’ personal information.
The FTC’s enforcement action against Path shows that the agency will pursue a company for consumer privacy violations regardless of the size of the company or popularity of the new technologies that are emerging in the marketplace. It is a strong example of the FTC’s intolerance for consumer privacy violations and its ongoing effort to ensure companies live up to the privacy promises they make to consumers.