The US FTC (Federal Trade Commission) has slapped an $800,000 fine to the developers of the Path app for illegal collection of private information from children without their parents’ consent. Path Inc. has agreed to pay the amount and will undergo a comprehensive privacy program which will undergo an independent assessment every other year for the next twenty years. The company has also settled with the FTC the charges that it collected personal information from the address book of mobile users without their consent.
Path, a private social network based in San Francisco, was found to have violated the Children’s Online Privacy Protections Act otherwise known as COPPA. This was discovered after the FTC began investigation on the uploading of iPhone users address books to the company’s servers without the knowledge or consent of users.
Aside from paying the fine the company has also deleted some 3,000 accounts that belonged to minors (those 13 years old and below).
According to the FTC
“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
According to David Morin, the founder and CEO of Path, they had already discovered the accounts of minors as early as February 2012 and by May 2012 had already made changes to the sign up process that detected minors. The company detected this on its own and issued the corresponding changes before the FTC investigation took place.
Morin said that the main reason minors were able to sign up is that there was no system of checks and balances in place. In his blog post he explained this further.
Today the United States Federal Trade Commission (FTC) announced that it reached a settlement pending court approval with Path regarding alleged violations of the Children’s Online Privacy Protections Act (COPPA). The gist of the FTC’s complaint is this: early in Path’s history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path.
As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.
We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.
Throughout this experience and now, we stand by our number one commitment to serve our users first.