Social Networking Company to Pay $800,000 for Collecting Personal Information from Minors

The company that operates Path, an online social networking application, agreed to pay an $800,000 penalty to settle charges that it violated the Federal Trade Commission (FTC) Act and the Children’s Online Privacy Protection Rule, the Justice Department announced today.  

 

In a complaint filed on Jan. 31, 2013, the United States alleged that San Francisco-based Path Inc. violated the Children’s Online Privacy Protection Rule by collecting personal information from children under the age of 13 without obtaining parental consent. According to the complaint, in over 3,000 instances, Path collected personal information from the address books in children’s mobile devices, including the names, addresses, phone numbers and email addresses of the child’s contacts. Path also collected personal information from children during the registration process and by allowing them to post content online.  

 

“The rules established by the Children’s Online Privacy Protection Act play an important role in keeping kids safe online,” said Stuart F. Delery, Principal Deputy Assistant Attorney General for the Civil Division. “Companies that market to children must respect their privacy by getting parental consent before collecting any personal information, and the Justice Department will work with the FTC to ensure that they do.”

 

According to the complaint, Path also violated the FTC Act by failing to disclose to consumers that it was automatically collecting information from users’ address books on their mobile devices. Path’s privacy policy and “Add Friends” feature led consumers to believe that this information would be collected only with the user’s consent.  

 

Along with the civil penalty, Path agreed to an injunction barring future violations of the FTC Act and the Children’s Online Privacy Protection Rule. Path further agreed that it would delete all information previously collected from children under age 13, implement a comprehensive privacy program, and submit to regular assessments by an independent third party.  

 

The FTC, which oversees the Children’s Online Privacy Protection Rule, referred the case to the Justice Department. The lawsuit, United States v. Path Inc., was filed in the Northern District of California.

 

Principal Deputy Assistant Attorney General Delery thanked the FTC for investigating this matter and referring it to the department. The Consumer Protection Branch of the Justice Department’s Civil Division brought the case on behalf of the United States.