The developers of Path have agreed to settle Federal Trade?Commission?(FTC) charges that the social network has deceived users and improperly collected personal information (including that of children). As part of the settlement, they'll have to "establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years."?And pay a fine of $800,000.
Path is an app-based social network which allows users to share "moments"???photos, text, geographic locations, song names, and more???with small networks of up to 150 friends.?The?social?network?was?initially?iOS-only,?but?is?now?available?on?Android?as?well.
The?FTC's?complaint?primarily?focuses?on?the?Path?iOS?app???version?2.0,?to?be?specific???which?according?to?the?agency?had a misleading user interface which "provided consumers no meaningful choice regarding the collection of their personal information."
When users took advantage of the app's "Add Friends" feature in order to find existing connections on the social network, they were provided with the options to search their contacts, find friends from Facebook, or invite friends via email or SMS. There was just one problem:?
"Path automatically collected and stored personal information from the user?s mobile device address book even if the user had not selected the 'Find friends from your contacts' option,"?a press release by the FTC explains.?"For each contact in the user?s mobile device address book, Path automatically collected and stored any available first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames and dates of birth."
The FTC alleges that Path deceived users by claiming that it "only" collects certain information such as IP addresses, browser types, site activity info and similar ? rather than snatching up and storing personal?information from the users'?contacts.?This?deception?was?deemed?to?be?a?violation?of?a?Children's Online Privacy Protection?(COPPA)?rule,?which?requires?those?who?run?online?services?to?notify?parents?and?obtain?their?permission?before?information?is?collected?from?children?under?the?age?of?13.
Path's?developers?explain,?in?a?post?on?its?official?blog,?that?the?information?belonging?to?youngsters?was?collected?due?to?a?glitch.?"[T]here was a period of time where our system was not automatically rejecting people who indicated that they were under 13,"?they?write.?"Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created."
No matter the explanation, neither this violation nor the overall deception of users is being taken lightly by the FTC. In addition to slamming path with a civil penalty amounting to $800,000, the agency is also prohibiting it from "making any misrepresentations about the extent to which it maintains the privacy and confidentiality of consumers? personal information." Path is also required to delete any information collected from users under the age of 13 (though the social network claims it already deleted the contact information previously gathered).
In a press release,?FTC Chairman Jon Leibowitz?emphasized that the agency is focusing on consumer privacy violations:
Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it?s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers. ...?This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.
Want more tech news?or interesting?links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on?Twitter, subscribing to her?Facebook?posts,?or circling her?on?Google+.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.