Path, the digital journaling app that lets you record and share everyday “moments” with up to 150 friends, has agreed to settle with the Federal Trade Commission in a decision that includes an $800,000 fine for claims the app illegally collected data from children without their parents’ consent.
The FTC’s complaint called out Path for collecting data from users’ mobile device address books without clearly stating what it was doing. Path has an “Add Friends” feature that lets you find friends through Facebook, invite them via email or SMS, or look through your contacts list to see who’s already on Path. The FTC claims Path automatically stored personal information from users’ address books regardless of whether or not they selected the “Find friends from your contacts” option.
And it gets stickier: The FTC also stuck Path with an $800,000 fine on grounds that the app, which collects birth date information from users when they first sign up, culled personal information from the accounts of approximately 3,000 children under the age of 13 without first getting their parents’ consent.
Path’s VP of marketing Nate Johnson told Fast Company in December, “At Path, we really believe that if it’s your stuff, it’s your stuff. We’re not going to publish it in other places. We’re not going to do things that you wouldn’t explicitly want us to do. Trust is a core part of building a truly great social network.”
And Path isn’t the only tech company the FTC is cracking down on. Also today, the agency published a set of privacy recommendations for mobile platforms, specifically calling out Amazon, Apple, Google, Microsoft, and BlackBerry.
From the FTC report: “More than other types of technology, mobile devices are typically personal to an individual, almost always on, and with the user. This can facilitate unprecedented amounts of data collection.”
So, readers, sound off: Have you ever uninstalled an app (or decided not to install one) because you felt like you had shared too much personal information?
Update: Path has issued a statement on its blog specifically addressing the $800,000 fine for violating the Children’s Online Privacy Protection Act:
As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.
[Image: Flickr user Mandoft]