App owner to pay $800k to settle child privacy charges

Share this article:

A San Francisco-based app operator will pay $800,000 to settle Federal Trade Commission (FTC) charges that it violated the Children's Online Privacy Protection Act (COPPA) by collecting youngsters' personal information without parental consent, the agency announced Friday.

The FTC alleged that the company's app, also called “Path,” collected the personal data of about 3,000 children – information from their phone address books, including names, addresses, phone numbers, email addresses and dates of birth.

The app is marketed as a virtual journal, where users can upload and share photos, written thoughts, songs and their geographical locations with other users. It is available for iOS and Android mobile operating systems.

In addition to allegations about the collection of children's information, the FTC alleged that Path also misrepresented how and what information was obtained from all of its users.

From November 2011 (when the 2.0 version of the Path app for iOS was released) through February 2012, the app automatically collected and stored personal information, like users' names, addresses, phone numbers, email addresses, Facebook and Twitter usernames and date of births – data assumed accessible only if users opted to use a feature that searched for their friends on social networking sites or phone contact lists.

Path was among the iOS 6 apps that raised public concerns about privacy last summer. In June, Apple tightened its data privacy rules, requiring developers to obtain explicit permission from users before an app accessed their phone contact lists, calendars, reminders, or photos.

UPDATE: Last Friday, Path posted a statement about the FTC settlement on its website.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.