As part of the widespread increase in regulatory focus on data collection, usage and disclosure practices in the mobile industry, the FTC brought charges against Path, Inc., the maker and distributor of a popular social media mobile app, alleging general privacy law violations, as well as a violation of the recently amended Children’s Online Privacy Protection Act (COPPA). The FTC’s action against Path comes amid an uptick in regulatory activity, including the release of a recent FTC report on the topic, discussions by federal lawmakers on establishing mobile application privacy standards and California’s recent action to require mobile app distributors to post and comply with a privacy policy.
In response, Path and the FTC reached a settlement that will require Path to pay $800,000 for the alleged COPPA violation, and for Path to “obtain independent privacy assessments every other year for the next 20 years.”
According to the FTC:
The settlement with Path is part of the FTC’s ongoing effort to make sure companies live up to the privacy promises they make to consumers, and that kids’ personal information isn’t collected or shared online without their parents’ consent. [ . . . ]
In its complaint, the FTC charged that the user interface in Path’s iOS app was misleading and provided consumers no meaningful choice regarding the collection of their personal information . . . Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not [agreed to such collection] . . .
The FTC also alleged that Path’s privacy policy deceived consumers by claiming that it automatically collected only certain user information such as IP address, operating system, browser type, address of referring site, and site activity information. In fact, version 2.0 of the Path app for iOS automatically collected and stored personal information from the user’s mobile device address book when the user first launched version 2.0 of the app and each time the user signed back into the account.
Given the larger regulatory trend, it was only a matter of time before the FTC, and other regulatory bodies, began taking action against entities engaged in the mobile marketplace that fail to ensure that their privacy practices, and associated disclosures, are compliant with existing law. As the Path case makes clear, entities that fail to comply with state and federal privacy practice requirements – even in the mobile space – could find themselves facing regulatory action from the FTC, or state regulatory bodies, which is increasingly resulting in significant fines being levied.
If you are interested in learning more about this topic or need to review your privacy practices and/or update your mobile platform/mobile app privacy policies based on this FTC settlement, please contact us at your convenience.
Attorney Advertising
