Path, Inc., the operator of the Path social networking app has settled FTC charges that it made deceptive privacy claims and violated the COPPA Rule, agreeing to pay $800,000 to the Commission. According to the FTC's complaint, Path's iOS app contained an "Add Friends" feature that provided three choices to users: "Find friends from your contacts," "Find friends from Facebook," or "Invite friends to join Path by email or SMS." Regardless of the choice selected by consumers, however, the FTC states that Path automatically collected personal data (first name, last name, address, phone numbers, email addresses, Facebook and Twitter username, and date of birth) from each person in the users' mobile device address book and stored the information on its servers. In fact, the FTC alleges that the app automatically collected this information every time the user signed in to the service after signing out. Path's privacy policy stated, however, that the only automatically collected information such as IP address, operating system, browser type, and site activity. According to the FTC, Path had thus engaged in false and deceptive practices in violation of the FTC Act. In addition to the FTC Act charges, the Commission also alleged that Path failed to live up to its COPPA Rule responsibilities, which were required because Path collected birth dates from users during registration, giving Path actual knowledge that about 3,000 of its users were under 13. Path allegedly violated two provisions of the COPPA Rule. First, Path did not provide parental notice or obtain parental consent before collecting, using, or disclosing the children's information. Second, Path did not post a clear, understandable, and complete privacy policy spelling out its collection, use, and disclosure practices for children's personal information. Path settled the COPPA Rule violations for $800,000 and has agreed to delete information collected from kids under 13. As part of the settlement reached with the FTC, Path has agreed not only to pay civil penalties, but also to biennial privacy audits from an independent third party.

TIP: The FTC is increasing its focus on the practices of mobile app operators. Companies with apps should ensure that the same precautions taken for online compliance are taken in the mobile world. This includes verifying the accuracy of privacy policies and ensuring compliance with COPPA.