Path mobile app agrees to FTC settlement over privacy violations

By Brendan Sasso - 02/01/13 01:16 PM ET

Path, a social-networking mobile app, said on Friday it agreed to settle privacy violation charges with the Federal Trade Commission.

The company will pay an $800,000 fine for illegally collecting personal information from children and will enter into a binding settlement with the FTC for collecting information from users' address books without their permission.

“This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans,” FTC Chairman Jon Leibowitz said in a statement.

Path is a service that lets users share journal entries, photos and location information with their friends.

According to the FTC, a 2011 Path update for Apple devices collected and stored information from the users' address books, including names, phone numbers, email addresses, Facebook and Twitter usernames and dates of birth.

The FTC charged that Path engaged in a deceptive business practice by claiming in its privacy policy that it only collected information such as the user's IP address, operating system, browser type and site activity.

The settlement requires Path to establish a comprehensive privacy program and to submit to independent privacy audits every year for the next 20 years.

Path also agreed to pay an $800,000 fine for violating the Children's Online Privacy Protection Act (COPPA), which bans websites and apps from knowingly collecting information from children younger than 13 without their parents' permission.

Path asks new users for their birth date; the company admitted that for a period of time, it allowed users to create an account even if they said they were 12 years old or younger.

In a conference call with reporters, Leibowitz said about 3,000 children were able to create accounts on Path before the company changed its policy. Path said it has disabled the accounts of the children.

"Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created," the company said in a blog post.

Also on Friday, the FTC released a report recommending steps companies can take to improve the privacy protections of their mobile device users.

The commission recommended that companies provide easy-to-understand privacy policies, obtain a user's consent before accessing location information and allow users to opt out of tracking by third-party advertisers, among other recommendations.