The United States Federal Trade Commission announced on Friday that social networking app Path has agreed to pay an $800,000 fine to settle charges that it collected users’ personal information without their consent.
Path is now required to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company has also agreed to pay a $800,000 fine to settle charges that it illegally collected personal information from children without their parents’ consent.
“Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers,” said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.”
The settlement brings to an end the dispute over Path. The app gained much negative publicity a year ago when developer Arun Thampi discovered the popular social networking app was uploading contact data without requesting permission. Apple CEO reportedly has a “Come to Jesus” meeting with Path co-founder Dave Morin over the alleged privacy breach, and the issue was corrected in a later update.
The controversy prompted many “concerned” members of congress to send a letter to Apple seeking answers about the security of information stored on iOS devices.
Path also made a public apology for its “add Friends” feature, which it said only collected data to improve the quality of its friends suggestions, and to notify users when a contact joined the service.
The FTC filed a complaint against Path and their iOS app, alleging it mislead consumers. Path claimed the app only collected certain information, like IP addresses, OS, and browser type, but actually, the app automatically harvested and stored address book information when the app was launched, and would do so each time the user signed back into their account.
The FTC also claimed Path had violated the Children’s Privacy Protection Act by collecting information from about 3,000 children under the age of 13 without their parents consent.
As well as paying the $800,000 penalty, Path is prohibited from making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers’ personal information. They are also required to delete any info collected from anyone under the age of 13. The service has reportedly already deleted the address book information it collected before its practices were discovered.