Path Settles Privacy Charges With FTC

Agency also releases staff report recommending mobile privacy guidelines

Path, a social networking app, agreed to settle privacy charges with the Federal Trade Commission that it collected personal information from users' mobile address books without their knowledge or consent. The app, which lets users share personal journals with a network of friends ran afoul of children's privacy laws by collecting personal information from 3,000 children under 13 without parental consent.

To settle the charges, Path will pay $800,000. The company also agreed to establish a comprehensive privacy program that will be audited by the FTC every other year for the next 20 years.

The settlement was announced on a big news day for the FTC, which also released a staff report recommending ways mobile marketers can improve privacy disclosures.

"These initiatives are really just a typical day's work at the FTC," said FTC chair Jon Leibowtiz, who Thursday said he was stepping down from the agency. "It's one of the reasons I will miss this agency so much."

Under Leibowitz, the agency has brought numerous cases against companies for deceptive privacy policies such as Google, Facebook and MySpace, as well as several mobile kids apps. 

In its complaint against Path, the FTC charged Path's privacy policy was misleading. Path gave users the impression that they could select the option to "find friends from your contacts" option. In fact, the way Path was set up, the app automatically selected that option for them. And contrary to Path's privacy policy that claimed it collected only certain information such as IP address, operating system, browser type, and site activity information, the app in fact it collected personal information including names, addresses, phone numbers, email addresses Facebook and Twitter names, and even dates of birth.

Path said in a blog post  it fixed the problem with children under 13 before being contacted by the FTC.

"We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like Coppa (Childrens Online Privacy Protection Act)…. It wasn't until we gave our account verification system a second look that we realized there was a problem," read the post.

During a press conference, Leibowitz, who became "a little wistful" about his exit, said that the settlement with Path will probably be his last major action as chairman before he leaves Feb. 15.

"I will start to recuse myself on most matters," Leibowitz said.

But Leibowitz also had a warning for companies going forward that fail to embrace "privacy by design" and ignore some of the suggestions for improving privacy transparency and choice as laid out in the staff report, "Mobile Privacy Disclosure."

"Some companies are doing a good job. But if others don't wake up and don't do the right things, industries will face much more prescriptive regulations down the road," warned Leibowitz.