Social networking app Path has been fined $800,000 by the US Federal Trade Commission (FTC), after collecting personal information of children without parental consent.
The app maker agreed to settle the charges brought by the FTC, which said it deceived users by collecting personal information from their mobile address books without their knowledge and consent.
Path is a social networking service that allows users to keep journals that they can share with a network of up 150 friends. Using the app, people can upload, store and share photos, thoughts, songs they have been listening to and location.
The FTC’s complaint said the user interface in the Path iOS app was misleading and did not provide a “meaningful choice” regarding the collection of personal information.
With the second version of the app, Path automatically collected personal information — such as names, addresses, phone numbers, email addresses, dates of birth and Twitter and Facebook user names — from device address books even if the user hadn’t selected the ‘Find friends from your contacts’ option.
The FTC also charged Path with violating the Children’s Online Privacy Protection Act (COPPA) by collecting information from around 3,000 children aged under 13 with parental consent.
Path has now deleted the address book information it collected under its previous regime.
As well as the fine, Path is required to establish a comprehensive privacy programme and obtain independent privacy assessments every other year for the next 20 years.
The FTC said the settlement is part of its ongoing effort to ensure companies stick to the privacy promises they make to consumers and that personal information of children is not collected or shared online without their parents’ consent.
“This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans,” said FTC chairman Jon Leibowitz.
In a blog post, Path said: “We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA.”
“From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realised there was a problem. We hope our experience can help others as a reminder to be cautious and diligent,” it continued.
The FTC also published a report with recommendations on how to improve mobile privacy disclosures.