By IT-Lex Intern Eric Everson (LinkedIn)
In today’s Big Data environment, data collection is a common thread throughout mobile app development. It is however the collection of personal data that landed Path, the social networking app developer, in hot water with the U.S. Federal Trade Commission.
Under a civil penalty settlement, Path agreed to pay $800,000 resulting from data collection practices that allegedly violated the U.S. Children’s Online Privacy Protection Act (COPPA) by collecting personal information from approximately 3000 children under the age of 13 without first getting their parents’ consent. Additionally, the settlement requires Path to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next twenty years.
As millions of mobile users are turning to their smartphones and tablets for apps, this settlement provides a wake-up call to developers regarding the sensitive data they are collecting and its intersection with the law. The Path social networking app allows users to establish journals where they can store and share photos, entries, their location, and the music playlist they are listening to. Users of Path can share this information with their network of up to 150 friends.
In its complaint, the FTC charged that the Path user interface (an iOS app) was misleading and provided users no meaningful choice about the collection of their personal information. With its app, Path automatically collected and stored personal information from the users’ mobile device address book even if the user had not selected the “find friends from your contacts” option. The end result established a database containing personal information data from approximately 3000 children under the age of 13.
It is unclear from the settlement whether Path identified the vulnerability of collecting such COPPA protected information prior to the FTC investigation. This settlement marks the importance for Privacy Law Risk Assessments conducted by technology attorneys. Privacy Law Risk Assessments provide a survey of the privacy law frameworks that mobile app developers and website developers may encounter and can be tailored by state, nation, or globally. These assessments should be considered a critical component of the digital risk strategy of any business that has a website or mobile app. Here, the failure of Path to conduct such an assessment presented the young company with a million dollar misstep that they will have to monitor closely for the next 20 years.
§ One Response to App Developer Pays Big Penalty For Alleged COPPA Violations
Leave a Reply
You must be logged in to post a comment.