To settle charges of obtaining personal data from children without parental consent, Path has agreed to pay an $800,000 fine and set up a privacy program, the US Federal Trade Commission has announced. To comply with privacy concerns, Path will moreover have to get independent privacy assessments performed every other year for the next 20 years. The core issue is only indirectly related to problems with the handling of address book data; specifically, the FTC has been investigating the age gate system in Path’s iOS app, which it says led to violations of the Children’s Online Privacy Protection Act, better known as COPPA.
“As you may know, we ask users’ their birthdays during the process of creating an account,” a new Path statement explains. “However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.” The company claims to have already deleted data collected from underage users, in addition to the address book info it once pulled from every user.
The address book matter created a public firestorm, including for Apple, since Path’s app revealed vulnerabilities in the App Store as a whole. Members of the US Congress sent a letter to Apple, and Path co-founder Dave Morin was allegedly “grilled” by Apple CEO Tim Cook.