Government fines technology company on privacy claims

Saturday February 2, 2013

WASHINGTON -- The company behind the popular Path social networking service agreed to pay $800,000 to settle federal charges that it illegally collected personal information from cellphones without the knowledge or consent of its customers, the government said Friday.

Path Inc. of San Francisco collected names, addresses, phone numbers, email addresses and usernames from Facebook and Twitter accounts from the cellphones of its customers without permission, the Justice Department and Federal Trade Commission said.

These customers included roughly 3,000 children under 13 and occurred even in cases when a Path customer sought to block the service from collecting the information. The government said Path collected the information the first time a customer signed into the service and upon every subsequent sign-in.

"The user had no meaningful choice as to the collection and storage of personal information from the user’s mobile device contacts, and the user interface options were illusory," according to the Justice Department’s lawsuit against Path. The Justice Department filed the case against Path on Thursday in federal court in San Francisco at the FTC’s request. Path acknowledged the legal settlement on Friday.

Path said in a statement that even before the FTC had contacted the company, it was made aware that its service was allowing children under 13 to register as customers. It said it has suspended all accounts for users under 13. Path’s statement did not respond to the government’s charge that the company had violated privacy assurances that it made to adult customers whose personal information it collected without permission.

"There was a period of time where our system was not automatically rejecting people who indicated that they were under 13," the company said. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any underage accounts that had mistakenly been allowed to be created."

The fine comes as the FTC adopts new recommendations to make sure companies in the rapidly expanding mobile market are aware of privacy concerns and offer better information to consumers about data practices. The FTC wants app developers and operating system providers, including Apple and Google, to give consumers real-time disclosures and obtain their express consent before accessing sensitive content like geographic location, contact lists and photos.

"This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans," said outgoing FTC Chairman Jon Leibowitz, who on Friday formally announced plans to leave the agency.

The Path service allows users to create personal journals and share information with a network of up to 150 friends. Through the app -- which is popular with children -- users of Apple and Android cellphones can upload, store and share photos, written messages, their location or the names of favorite songs.

The fines assessed against Path were for violating the federal Children’s Online Privacy Protection Act, which prohibits companies from accessing information from children under 13 without a parent’s consent.

Leibowitz described rapid developments in mobile technology as "a Wild West of sorts," presenting unique challenges for government consumer watchdogs. Customers worldwide bought about 217 million smartphones in the last three months of 2012, with users increasingly using the devices to store personal data.

The FTC says consumers using smartphones have become more concerned about privacy. About 57 percent of all app users have either uninstalled an app or declined to install one over concerns about having to share personal information. Less than a third of Americans believe they are "in control" of personal data on their mobile devices, the FTC report found.

"All of this can leave us wondering whether and how our private interests are being protected," Leibowitz said.

The FTC is recommending that operating system providers and app developers develop icons that show the transmission of data as it is obtained from mobile devices. It also recommends a one-stop "dashboard" that would let consumers review the types of content accessed by apps that have been downloaded.


If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.

Powered by Creative Circle Media Solutions