In response, Path and the FTC reached a settlement that will require Path to pay $800,000 for the alleged COPPA violation, and for Path to “obtain independent privacy assessments every other year for the next 20 years.”
According to the FTC:
The settlement with Path is part of the FTC’s ongoing effort to make sure companies live up to the privacy promises they make to consumers, and that kids’ personal information isn’t collected or shared online without their parents’ consent. [ . . . ]
In its complaint, the FTC charged that the user interface in Path’s iOS app was misleading and provided consumers no meaningful choice regarding the collection of their personal information . . . Path automatically collected and stored personal information from the user’s mobile device address book even if the user had not [agreed to such collection] . . .
Given the larger regulatory trend, it was only a matter of time before the FTC, and other regulatory bodies, began taking action against entities engaged in the mobile marketplace that fail to ensure that their privacy practices, and associated disclosures, are compliant with existing law. As the Path case makes clear, entities that fail to comply with state and federal privacy practice requirements – even in the mobile space – could find themselves facing regulatory action from the FTC, or state regulatory bodies, which is increasingly resulting in significant fines being levied.
If you are interested in learning more about this topic or need to review your privacy practices and/or update your mobile platform/mobile app privacy policies based on this FTC settlement, please contact us at your convenience.