A San Francisco-based app operator will pay $800,000 to settle Federal Trade Commission (FTC) charges that it violated the Children's Online Privacy Protection Act (COPPA) by collecting youngsters' personal information without parental consent, the agency announced Friday.
The FTC alleged that the company's app, also called “Path,” collected the personal data of about 3,000 children – information from their phone address books, including names, addresses, phone numbers, email addresses and dates of birth.
The app is marketed as a virtual journal, where users can upload and share photos, written thoughts, songs and their geographical locations with other users. It is available for iOS and Android mobile operating systems.
In addition to allegations about the collection of children's information, the FTC alleged that Path also misrepresented how and what information was obtained from all of its users.
From November 2011 (when the 2.0 version of the Path app for iOS was released) through February 2012, the app automatically collected and stored personal information, like users' names, addresses, phone numbers, email addresses, Facebook and Twitter usernames and date of births – data assumed accessible only if users opted to use a feature that searched for their friends on social networking sites or phone contact lists.
Path was among the iOS 6 apps that raised public concerns about privacy last summer. In June, Apple tightened its data privacy rules, requiring developers to obtain explicit permission from users before an app accessed their phone contact lists, calendars, reminders, or photos.
UPDATE: Last Friday, Path posted a statement about the FTC settlement on its website.