Path Settles FTC Privacy Charges


Mobile social network Path agreed to create a comprehensive privacy policy to settle charges that it deceived users by secretly uploading their address books, the Federal Trade Commission announced on Friday.

The social network also agreed to pay $800,000 to settle separate allegations that it violated the Children's Online Privacy Protection Act by collecting names and other personal data from children.

The address-book uploads occurred between November 2011 and February 2012, the FTC alleged in a complaint made public on Friday. During that time, the Path App for iOS automatically gathered and stored contacts in users' address books, regardless of users' preferences, the FTC said.

Path's interface gave people the option of uploading their contacts in order to find friends, but the app allegedly imported the information in all cases. "As a result, the user had no meaningful choice as to the collection and storage of personal information from the user's mobile device contacts, and the user interface options were illusory," the complaint reads.

The first report about Path's address-book uploads surfaced last year, when developer Arun Thampi reported it on his blog. Path CEO Dave Morin quickly apologized in a blog post and said the company had deleted the data.

In addition to implementing a privacy program, Path also agreed to obtain outside audits. Google, Facebook and MySpace previously agreed to similar terms to settle privacy charges.

Path isn't the only mobile app developer to engage in questionable privacy practices. Last February, it emerged that mobile app Hipster had also uploaded users' contacts. Hipster CEO Doug Ludlow acknowledged that the company had done so and apologized for the data collection. Both Path and Hipster are now facing potential class-action lawsuits.

The FTC also charged Path with violating COPPA by knowingly collecting personal data from around 3,000 children under 13 without their parents' permission. The FTC alleged that Path asked users for their birthdates and then proceeded to collect emails, names, phone numbers and other data from users who said they were under 13. The company allegedly did so between November 2010 and May 2012.

Path said in a blog post on Friday that it has closed the accounts of all children under 13. "From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem," the company said.


Next story loading loading..