Anisha Mehta
Earlier this month the Federal Trade Commission (FTC) reached an $800,000 settlement with Path for violations of the Children’s Online Privacy Protection Act (Coppa). The Act regulates the collection and use of personal information from children under the age of 13 by websites. Coppa requires websites to post privacy policies describing what information is being collected and how it will be used, and requires the website to obtain verifiable parental consent for the collection of such information. The settlement requires Path to delete collected information from children under age 13, pay a $800,000 civil penalty, establish a comprehensive privacy program, and obtain independent privacy assessments every other year for the next 20 years. Approximately 3000 accounts from children under age 13 have been found out of 6 million users.
Path targets families to allow them to share personal moments by creating private social networks. The company faced FTC privacy concerns when it was discovered that information from user’s iPhone address books was being uploaded to Path’s servers without their consent. In the process of this investigation in February 2012 the Coppa violations were discovered by the startup and by May 2012 the startup changed the sign-up process so that individuals under the age of 13 were automatically detected and blocked. According to an article in Gigaom.com, the FTC has stated “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans”.
This case also shows the emphasis the FTC is placing on privacy considerations in regard to mobile devices. At the beginning of the month the FTC also published suggested privacy guidelines for mobile apps, which while not binding, show the seriousness with which the agency is looking at mobile privacy. The FTC is not just focusing on major corporations, but also on small businesses that create apps and providing them with recommended strategies to lower their risks of privacy violations.