Last year, Path – the social networking-enabled photo sharing and messaging service received a lot of negative publicity when Singapore based developer and blogger discovered that Path’s slick iPhone app uploads your entire address book to its servers.
Apple was also criticised for giving developers far too much access to address book information without requiring a user prompt.
The company had agreed with that assessment and made it mandatory for apps that accessed the address book to ask for permission in iOS 6.
It looks like during the investigation, the U.S. Federal Trade Commission also discovered that Path also violated Children’s Online Privacy Protections Act (COPPA) by briefly allowing children under the age of 13 to sign up.
The U.S. Federal Trade Commission has announced that it has reached a settlement with Path pending court approval. According to the terms of the settlement, Path has to establish a comprehensive privacy program and obtain independent privacy assessment every year for next 20 years. Path also has to pay a fine of $800,000 for illegally collected personal information from children without their parents’ consent.
“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
Path has also explained its position in a blog post:
As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.
We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.
The FTC has also given recommendations to Apple and App developers to improve mobile policy disclosures.
The fine should serve as a wake up call to developers to ensure their service is in compliance with the local rules and regulations to ensure they do not get into trouble with the authorities.