FTC fines Path $800,000 for privacy breach, issues new mobile guidelines


The Federal Trade Commission issued new guidelines in an effort to increase transparency in how mobile app developers, app stores and other industry players store information about users. The news comes on the heels of another FTC announcement: Social networking app Path was fined $800,000 for violating the privacy of its underage users. 

FTC Report

The FTC released Mobile Privacy Disclosures.

Path and the FTC came to a settlement after the app was found guilty of collecting information about users under the age of 13, a violation of the Children's Online Privacy Protection Act (COPPA) Rule. Path is required to create a privacy program and to have biennial privacy assessments for the next 20 years. 

"As you may know, we ask users' their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13," stated Path in a blog post. "From a developer's perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn't until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent."

Last year Path also came under fire for uploading users' address books to its servers without their express consent.

"This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans," said FTC Chairman Jon Leibowitz in a statement on the FTC site.

The FTC's mobile guidelines include different best practices for app developers, mobile marketers, mobile platforms and app trade associations.

"The mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago," said FTC Chairman Jon Leibowitz. "These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive."

The FTC's Mobile Privacy Disclosures report suggests that mobile platforms implement a Do Not Track (DNT) mechanism for mobile users, to allow users to opt-out of being tracked by ad networks or other third-parties. In addition, app developers are encouraged to create clear privacy policies so that apps can obtain express consent before accessing or sharing user information.

"Today's enforcement from the FTC on mobile privacy is the first major step from a government entity to address neglectful and malicious practices that compromise consumer privacy in the mobile app world. Now, the responsibility to honor these recommendations falls on the entire technology industry, from App Stores to developers and solution providers like IP Lasso," stated IP Lasso, a startup that monitors apps.

For more:
- see this Path blog 
- see this FTC webpage and this webpage 
- see the full Mobile Privacy Disclosures report 
- see this Verge story
- see this release

Related articles:
Mobile app privacy draft bill would let users delete stored data 
FCC's guidance on site modifications won't settle much
The stalking apps bill raises questions all developers should answer 
California sues Delta Airlines over mobile app privacy violations 
StrikeForce introduces MobileTrust to thwart mobile hacking