“…Path automatically collected and stored personal information from the user’s mobile device address book. This practice, we believe, was deceptive and violated the FTC Act. We also believe that Path collected information from children under 13 without obtaining parental consent, in violation of the Children’s Online Privacy Protection Act.
Path agreed to pay an $800,000 civil penalty.” (Outgoing FTC Chair Jon Leibowitz)
On February 1, the Federal Trade Commission sent an important signal to mobile app developers everywhere: consumer privacy is paramount to your future.
Don’t believe it? Just ask Path, the social networking app hit with an $800,000 fine and 20 years of probation for unlawfully collecting user information and violating the Children’s Online Privacy Protection Act (COPPA).
Five early takeaways from the FTC-Path story, for app developers:
1. Tell the truth about data collection:
2. Violating consumer privacy carries a significant cost:
“For a relatively new startup like Path, the $800,000 fine is a significant deterrent measure and signals the FTC’s serious commitment to consumer, especially child consumer, privacy… Accordingly, mobile developers should look to this settlement, and the underlying charges, as a touchstone going forward.” (Sheppard Mullin)
3. Federal regulators are just getting started:
“The FTC settlement is a lesson for both start-ups and established companies as the FTC is getting increasingly aggressive in addressing privacy breaches. As illustrated by the outgoing FTC Commissioner’s comment on the Path settlement: ‘… This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans.’” (Cohen & Gresser)
4. The FTC isn’t the only one to worry about:
“The Path settlement illustrates the serious consequences for app developers and others when it comes to privacy-related statements and practices… The bottom line is that consumer privacy issues remain at the forefront for regulators, raise the potential for private class action litigation, and appear likely to garner increased legislative attention.” (Wilson Sonsini)
5. The terms of Path’s settlement may well become rules for all:
“Even though this … is ostensibly limited to Path, the Order sets a potential precedent for the regulation of the collection and usage of data in ‘non-obvious’ or secondary situations. The FTC has emphasized the importance of heightened notice and express consent for these types of data collection, and in the just-released Mobile Privacy Disclosures Report, the FTC recommends that apps provide ‘just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information.’ Here, however, the FTC has made it a legal requirement that Path do the same. Express consent under these circumstances would be a new requirement, and this case sets the FTC on that ‘path.’” (Morrison & Foerster)
- Path/FTC Settlement - Much More Than A Slap On The Wrist - Sheppard Mullin Richter & Hampton LLP
- FTC Releases Guidance on Mobile Privacy Best Practices; Enters Into $800K Consent Order with Path - Reed Smith
- Social Networking Mobile App Developer Agrees to Pay $800,000 and Implement Comprehensive Privacy Program to Settle Claims for COPPA Violations and Deceptive Privacy Practices - Wilson Sonsini Goodrich & Rosati
- FTC Announces Important Settlement with Social Networking App and Releases New Mobile App Report - Morrison & Foerster LLP
- FTC Fines Path Mobile Social Networking App $800,000 for Privacy Breaches - Cohen & Gresser LLP
- FTC Announces New COPPA Enforcement Action & Mobile Privacy Staff Report – BakerHostetler
Read additional legal commentary and analysis on the Path settlement»