On Friday, the Federal Trade Commission announced that social networking company Path has agreed to settle charges over improper collection of information on children. According to the agreement reached with federal regulators, Path will pay $800,000 to settle the privacy charges and will also submit itself to 20 years of independent privacy reviews.
Path, which is based in San Francisco landed in soup last year, when an independent software developer in Singapore found out that the company’s iPhone application was independently uploading address book data from users to Path’s own servers without user permission.
At the time of the controversy, Path CEO Dave Morin had apologized and announced that the company had deleted all information it had collected without user permission. However, on Friday, the FTC revealed that in addition to uploading and accessing address book data of users, Path had also broken federal privacy laws by collecting the personal information of about 3,000 children without parental consent.
On Friday, Path acknowledged their mistake in a company blog and admitted that it had failed to reject children under the age of 13 in its user-registration setup.
Path stated, “There was a period of time where our system was not automatically rejecting people who indicated that they were under 13 … Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any underage accounts that had mistakenly been allowed to be created.”
Under the settlement with FTC, Path would establish a comprehensive privacy program with regular and independent privacy audits every alternate year and continuing for the next 20 years.