Path to Pay $800,000 Fine for Unlawful Collection of User Data
The owners of the mobile social network Path have settled with the Federal Trade Commission over charges that the company had collected personal information from its users, some of whom are minors, without the users' knowledge or consent.
The owners of the mobile social network Path have settled with the Federal Trade Commission over charges that the company had collected personal information from its users, some of whom are minors, without the users’ knowledge or consent.
The settlement requires the company to pay an $800,000 civil penalty, to delete the information it has collected from children under the age of 13, and to implement a new privacy program.
An alternative to Facebook, Path allows users to share a personal diary of pictures, status updates, favorite songs, and current location with up to 150 of their friends.
In version 2.0 of Path’s mobile application for iOS devices, the company’s “Add Friends” feature gave users multiple options to migrate their existing contacts to Path via their Facebook accounts, the contact lists on their phones, or through a personal invitation by email or text message.
What the users didn’t know, according to the FTC, is that Path was automatically collecting and storing data from their mobile phones even if they had not chosen to add friends from their phone’s contact lists.
Further, while Path’s privacy policy did alert users that the application would collect information about their IP addresses, what operating systems and browser types they used, their activities on the site, and the address of the site that referred them to Path, the FTC found that the application was also automatically collecting and storing information from users’ address books each time they logged in.
The address books contained personal information including first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames, and birthdays of the person’s contacts.
Path had also violated the Children’s Online Privacy Protection Act (COPPA) Rule by collecting data from approximately 3,000 children aged 13 and younger without the consent of their parents, which was the reason for the fine. The collected information has since been removed.
“Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong,” wrote Path co-founder and CEO Dave Morin in a blog post. “We are deeply sorry if you were uncomfortable with how our application used your phone contacts.”
In a conference call announcing the enforcement action, FTC chairman Jon Leibowitz called Path’s practices “deceptive.” He advised all mobile companies to “tell consumers what you’re doing with their data, and once you have their data, be responsible stewards of that data.”
Related: My First Adventure with Path 2.0 — Is It Still a Personal Network?
