Social networking application developer Path Inc. agreed to pay $800,000 to settle Federal Trade Commission charges that it improperly received information from children under 13 and secretly collected data from users' mobile address books, in a federal court consent order filed Feb. 1 (United States v. Path Inc., N.D. Cal., 3:13-cv-00448-JCS, consent agreement filed 2/1/13).
The FTC alleged in a complaint, which was filed Jan. 31 in the U.S. District Court for the Northern District of California, that Path allowed the registration of approximately 3,000 users whose dates of birth showed they were under 13. Path's collection of the personal data of those children without notice and parental consent violated the Children's Online Privacy Protection Act Rule, 16 C.F.R. Pt. 312, the commission asserted.
As part of the proposed settlement, Path agreed to establish a comprehensive privacy program and obtain privacy audits from a third party. The third-party audit will include an initial audit after one year from the effective date of the decree and then assessments every two years for a period of 20 years from the date of the decree.
According to the FTC, Path's app is a social networking service that allows users to share a journal that includes photos, thoughts, or their location with up to 150 people. The agency said the app launched Nov. 14, 2010, and has been downloaded over 2.5 million times.
Path's alleged collection of users' address book data also is the subject of a putative class action lawsuit in the same district court, Hernandez v. Path Inc., N.D. Cal., No. 4:12-cv-01515-YGR. An Oct. 19, 2012, ruling in that case permitted state claims to proceed against the company, but dismissed federal claims (11 PVLR 1586, 10/29/12).
During a Feb. 1 teleconference with reporters on a new mobile privacy report concurrently released by the agency (see related report), FTC Chairman Jon Leibowitz said Path was targeted because “there were two things that stood out. One, clear deception. They said they would not do X and then they did. Two, it involves kids. That is a sort of red flag combination for us.”
Leibowitz, who announced the same day that he would resign later this month (see related report), said in a Feb. 1 statement that the agreement “shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
In a Feb. 1 blog post, Path admitted it did not initially automatically reject users under the age of 13. However, it said, “Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.”
It said it hoped its experience would cause others companies to be “reminded of the importance of making sure services are in full compliance with rules like COPPA.”
According to the FTC, Path collected email addresses, full names, gender, phone numbers, and dates of birth from approximately 3,000 users under 13 who registered between November 2010 and May 2012. The agency added that after Path released version 2.0 of its app for Apple devices Nov. 29, 2011, it began collecting personal information of the contacts in the address books of users under 13.
Section 312.4(b) of the COPPA Rule required Path to provide sufficient notice regarding how it collected information from children, the agency said. Section 312.4(c) of the COPPA Rule, it added, also mandates a direct notice to parents regarding information collection, and Section 312.5(a)(1) required Path to obtain parental consent.
In the consent decree, Path agreed to injunctive relief requiring it to provide notice and obtain parental consent in accordance with the requirements of the COPPA Rule. It also agreed to delete any data it held from users under 13 and pay a $800,000 fine. The FTC's complaint said it is authorized to seek up to $16,000 per COPPA Rule violation.
According to the agency, Path emphasized privacy as a value on its website. It said the company stated, “Path should be private by default. Forever. You should always be in control of your information and experience.”
When Path released version 2.0 of its app for Apple devices, the agency said users were presented with an “Add Friends” feature that included the ability to “Find friends from your contacts” and “Find friends from Facebook.” The FTC said that regardless of whether users chose to find friends from their contacts, the Path app collected and stored that data.
Path obtained from users' address books their friends' full names, addresses, phone numbers, email addresses, Facebook usernames, Twitter usernames, and dates of birth, the FTC alleged.
The consent decree and order are available at http://www.ftc.gov/os/caselist/1223158/130201pathincdo.pdf.
The complaint is available at http://www.ftc.gov/os/caselist/1223158/130201pathinccmpt.pdf.
Path's blog post is available at http://blog.path.com/.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).