Response Magazine Site Response Expo Site Direct Response Market Alliance Site Response TV Site Market Research Job Board
   Log in
  

DRMA

Social Network Path Penalized $800K by FTC for Consumer Privacy Violations

16 Apr, 2013 By: Arthur Yoon, Jeffrey Richter


Path is the operator of a social networking service similar to Facebook that allows users through a mobile application (app) to upload, store and share photos, messages, geographic locations and other similar data with small networks of up to 150 friends. Although Path is a small emerging technology company with most consumers unfamiliar with its services, the Federal Trade Commission (FTC) filed a strict enforcement action against it for consumer privacy violations. The FTC charged Path with deceiving its users and improperly collecting personal information, including that of children, and ultimately assessed Path with an $800,000 civil penalty after the company agreed to settle the charges.

The FTC's complaint against Path primarily focuses on its mobile application for Apple devices that, according to the agency, had a misleading user interface that provided consumers no meaningful choice regarding the collection of their personal information. In version 2.0 of its app for Apple devices, Path offered a “Find friends from your contacts” feature that a user can select to help the user add new connections to the user’s networks. However, according to the FTC, Path automatically collected and stored personal information, such as first and last names, addresses, phone numbers, E-mail addresses and dates of birth from the user’s mobile device address book even if the user had not selected that feature.

The FTC further charged that Path violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from approximately 3,000 children under the age of 13 without first getting their parents’ consent. COPPA requires that operators that have actual knowledge of child users on their sites notify parents and obtain their consent before they collect, use or disclose personal information from children under 13. Operators covered by COPPA also have to post a privacy policy that is clear, understandable and complete.

Through its apps, Path enabled children to create personal journals and upload, store and share photos, messages, precise locations and the names of songs to which the child was listening. The FTC alleged that Path violated COPPA by collecting personal information from a child’s address book, including full names, addresses, phone numbers, E-mail addresses and dates of birth without first obtaining the consent of the child’s parents.

The settlement requires Path to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company also will pay an $800,000 civil penalty to settle the charges that it illegally collected personal information from children without their parents’ consent. Path is further prohibited from making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers’ personal information.

The FTC’s enforcement action against Path shows that the agency will pursue a company for consumer privacy violations regardless of the size of the company or popularity of the new technologies that are emerging in the marketplace. It is a strong example of the FTC’s intolerance for consumer privacy violations and its ongoing effort to ensure companies live up to the privacy promises they make to consumers.

Jeffrey Richter and Arthur Yoon are partners at Los Angeles-based Finestone & Richter. They can be reached at (310) 575-0800, or at jrichter@frlawcorp.com and ayoon@frlawcorp.com.


Add Comment