Reuters: Web startup Path to pay $800,000 to settle privacy charges

http://www.reuters.com/article/2013/02/01/us-path-privacy-idUSBRE91019Z20130201

Web startup Path to pay $800,000 to settle privacy charges

By Alexei Oreskovic

SAN FRANCISCO

Feb 1, 2013

(Reuters) - Social networking start-up Path will pay $800,000 to settle charges with federal regulators that it improperly collected personal information on children.

The company also agreed to submit to 20 years of independent privacy reviews to settle charges that it secretly collected information from its users mobile phone address books.

The settlement, announced by the Federal Trade Commission on Friday, is the latest between the agency and Web companies for privacy violations.

San Francisco-based Path triggered a privacy controversy in February 2012 when an independent software developer in Singapore discovered that the company's iPhone application was uploading users' address book data to its own servers without permission.

Path CEO Dave Morin, who was an early employee at Facebook Inc, quickly apologized for the incident at the time and said the company had deleted all the "contact information" it had collected.

The FTC said on Friday that in addition to having uploaded users' address book information without permission, Path had also violated federal privacy laws by collecting the personal information of roughly 3,000 children without getting their parents' consent.

In a post on the company blog on Friday, Path acknowledged that it had failed to reject children under the age of 13 from registering for the service.

"There was a period of time where our system was not automatically rejecting people who indicated that they were under 13," Path said. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created."

Under the terms of the settlement, Path, which lets mobile phone users share photos and other information with small circles of friends, will obtain independent privacy audits every other year for the next 20 years and establish a comprehensive privacy program.

Online social networking companies have faced increasing scrutiny and enforcement from privacy regulators as consumers entrust ever-increasing amounts of information about their personal lives to Web services.

In August, Google Inc agreed to pay a $22.5 million fine to settle charges that it bypassed the privacy settings of customers using Apple Inc's Safari browser. Facebook settled charges in 2011 that it deceived users by letting advertisers collect some of their personal information.

(Reporting By Alexei Oreskovic; Editing by Bob Burgdorfer)