Cohen & Gresser LLP
FEBRUARY 2013

FTC Fines Path Mobile Social Networking App $800,000 for Privacy Breaches

Karen H Bromberg    

The developer of the popular Path social networking app for mobile devices has agreed to settle Federal Trade Commission charges that it deceived users by collecting their personal information without their consent. As part of a settlement reached last Friday, the FTC fined the start-up company $800,00 on claims that it improperly collected user data and stored information on underage users.

 

In its complaint, the FTC charged that the user interface in Path's iOS app was misleading and provided consumers no meaningful choice regarding the storage and collection of their personal information. According to the complaint, Path represented that personal information from the user's mobile device contacts would only be collected if the user clicked on a particular feature "Add Friends " when in reality, Path automatically collected and stored personal information from the user's mobile device contacts each time the user launched the app and, if the user signed out, each time the user signed in again.

 

According to the FTC, Path's privacy policy deceived consumers in an additional way. Path claimed it automatically collected only certain user information, such as an IP address, operating system, browser type, and site activity information , but in fact, the Path application automatically collected and stored for each contact in the user's mobile device address book, if available, name, address, telephone number, mobile number, email address, Facebook and Twitter username, and date of birth, and did so each time a user signed back into their account.

 

Other FTC claims were aimed at Path's knowing collection of personal information from children under the age of 13 without first obtaining verifiable parental consent in violation of the Children's Online Privacy Protection Act ("COPPA"). The FTC alleged that its app for iOS, for Android, and Path's website, while all intended for a general audience, also attracted a significant number of children enabling them "to create a journal and upload, store and share photos, written 'thoughts' , the child's precise location, and the names of songs to which the child was listening."

 

In addition to the $800,000 penalty that Path will pay for its COPPA violation, the social networking service must establish a comprehensive privacy program and is subject to independent privacy audits for the next 20 years.

 

The FTC settlement is a lesson for both start-ups and established companies as the FTC is getting increasingly aggressive in addressing privacy breaches.   As illustrated by the outgoing FTC Commissioner's comment on the Path settlement: "[o]ver the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers...This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

 

While the $800,000 fine may not be significant for behemoth companies like Facebook or Google, it is certainly significant for a start-up one like Path. It remains to be seen if the FTC fines will increase. Rather than wait and see, companies should implement, monitor, update, and strictly adhere to a comprehensive privacy program.

About the Author

Ms. Bromberg is the head of the firm's Intellectual Property and Licensing Group. She handles all aspects of intellectual property, Internet, and technology law, including license agreements, technology transfer and vendor agreements, joint development and co-branding agreements, privacy policies, website terms of service, and management of IP litigation (including patent, trademark, copyright, and trade secret litigation). She was named as a New York Super Lawyer for Intellectual Property in 2010, 2011, and 2012.

About Cohen & Gresser
Cohen & Gresser is a boutique law firm with offices in New York and Seoul. We represent clients in complex litigation and corporate transactions throughout the world. Founded in 2002, the firm has grown to over fifty lawyers in four practice groups: Litigation and Arbitration; Corporate Law; Intellectual Property and Licensing; and White Collar Defense, Regulatory Enforcement and Internal Investigations. Our attorneys are graduates of the nation's best law schools and have exceptional credentials. We are committed to providing the efficiency and personal service of a boutique firm and the superb quality and attention to detail that are hallmarks of the top firms where we received our training.

 

NEW YORK | SEOUL
www.cohengresser.com          info@cohengresser.com          PH: +1 212 957 7600
This information may constitute attorney advertising in certain jurisdictions.