Path Settles With FTC Over Alleged COPPA Violations
Social networking app Path has agreed to a settlement with the Federal Trade Commission, the FTC announced Friday, in which the startup will pay $800,000 to settle charges of allegedly collecting information on children under the age of 13.
Under the conditions of the settlement, Path will also be required to submit to privacy audits every other year for the next two decades.
The allegations stem from a period in early 2012, when Path had discovered approximately 3,000 underage users on the social networking service, which collects birthdate information during the signup process — a clear violation of the Children’s Online Privacy Protection Act (COPPA).
“This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans,” said FTC Chairman Jon Leibowitz in a statement.
The relatively small Path joins the growing ranks of Internet companies which have faced federal privacy charges, including tech titans such as Facebook and Google. Late last year, Facebook also reached a settlement with the FTC in which the company agreed to many of the same terms as Path, including ongoing privacy audits for the next 20 years. Google, too, agreed early last year to settle with the FTC over privacy violations related to Gmail and its failed product, Google Buzz.
The settlement with Path comes as a last grand act for departing FTC chairman Jon Leibowitz, who, during his four-year tenure, took a particularly hard-line stance on consumer privacy protections, though he has been criticized by some for letting Facebook off the hook in its settlement. Leibowitz and his office also released a set of best privacy practices for mobile application developers on Friday morning, attempting to curb the incidence of future violations, accidental or otherwise.
According to the FTC, Path did not “spell out its collection, use and disclosure policy for children’s personal information,” it didn’t disclose that collection process to parents, and it didn’t obtain “verifiable parental consent before collecting children’s personal information.”The investigation by the FTC came about as a result of Path’s massive privacy flare-up last year, when it was discovered that users’ cellphone address book information was being uploaded to the startup’s servers without users’ express knowledge. That caught the FTC’s attention, and the organization began looking into the startup’s past issues for other potential violations.
Path had already discovered the underage accounts before the FTC began its investigation, but the fallout from the address-book saga caused the FTC to scrutinize all of the startup’s past actions.
Path responded to the settlement in a statement posted to the company’s blog on Friday morning:
“We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.”
According to the FTC, the settlement also requires Path to delete any and all information collected on said underage children, which the startup has already done.