Path’s 2012 included a major hiccup when it was discovered in February last year that the app uploaded user address books in their entirety to its servers. The company quickly responded by deleting the data and apologizing for the transgression, but the damage was done: The FTC levied charges against the startup, and today the government body has announced the results of those proceedings in the form of a settlement (as spotted by TNW).
Path has agreed to pay an $800,000 fee for “allegedly collecting kids’ personal information without their parents’ consent,” since it violated the Children’s Online Privacy Protection Act in gathering personal information from around 3,000 kids who were under the age of 13, without requiring parental sign-off. In addition to the charge for the COPPA violation, Path will also be implementing a “comprehensive privacy program,” which includes a requirement that it conduct privacy assessments from external, disinterested third-party sources every other year.
FTC Chairman Jon Leibowitz (who announced his resignation yesterday) emphasized that this settlement with Path exemplifies the agency’s commitment to keeping up with consumer privacy complaints even in the face of changing technology.
“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” he’s quoted as saying in a release. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
For a large company like Facebook or Google, an $800,000 fine would essentially be a slap on the wrist. But to a startup like Path that, despite having raised some $40 million in venture capital, still doesn’t have a firm revenue model in place, it’s a more significant deterrent measure. The FTC also took the opportunity to introduce a new set of guidelines for mobile developers, in which it provides helpful info about how other mobile apps can avoid running afoul of consumer privacy in the same way as Path in the future.