Path Settles With FTC On Alleged Violations Of COPPA, Pays $800,000 Fine

Popular social networking service Path, who allegedly violated the Children’s Online Privacy Protections Act (COPPA) by collecting kids’ personal information without their parents’ consent, has reached a settlement with the Federal Trade Commission (FTC) agreeing to pay a fine of $800,000 (via GigaOM). The company has also agreed to purge over 3,000 accounts from the network.

FTC has settled with Path as part of its ongoing effort to make sure companies live up to the privacy promises they make to consumers, and that kids’ personal information isn’t collected without their parents’ consent. Path, that allows users to keep journals about “moments” in their life and to share that journal with a network of up to 150 friends, was charged by FTC for its misleading iOS app, that provided consumers no choice regarding the collection of their personal information.

In version 2.0 of its app for iOS, Path offered an “Add Friends” feature to help users add new connections to their networks.  The feature provided users with three options: “Find friends from your contacts;” “Find friends from Facebook;” or “Invite friends to join Path by email or SMS.”  However, Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not selected the “Find friends from your contacts” option.  For each contact in the user’s mobile device address book, Path automatically collected and stored any available first and last names, addresses, phone numbers, email addresses, Facebook and Twitter usernames, and dates of birth.

Path was also charged for collecting birth date information during user registration, violating the COPPA Rule by collecting personal information from approximately 3,000 children under the age of 13 without first getting parents’ consent.

Through its apps for both iOS and Android, as well as its website, Path enabled children to create personal journals and upload, store and share photos, written “thoughts,” their precise location, and the names of songs to which the child was listening.

The COPPA Rule requires that operators of online sites or services directed to children, or operators that have actual knowledge of child users on their sites or services, notify parents and obtain their consent before they collect, use, or disclose personal information from children under 13.  Operators covered by the Rule also have to post a privacy policy that is clear, understandable, and complete.

Dave Morin, Path’s founder and chief executive officer, has said that the company has identified the accounts and has implemented changes to its sign-up process that automatically caught the underage sign-ups.