July 25, 2014

Path / Federal Trade Commission (“FTC”) Settlement - Much More Than A Slap On The Wrist

On February 1, 2012, “smart journal” application provider, Path, Inc. (“Path”) agreed to settle Federal Trade Commission (“FTC”) charges that it deceived consumers and improperly collected personal information in violation of the FTC Act and the Children’s Online Privacy Protection Act (“COPPA”). Mobile platforms and application providers should take note of this settlement and the underlying charges in order to avoid potentially onerous fines associated with such privacy violations.

Path describes its social networking service as a way to “keep a personal journal, or ‘Path’, of your life.” Through the “Path App”, a user can upload, store and share photos, written journal entries, current locations and songs. The FTC initiated its action against Path in February of 2012, taking issue with the method by which Path was collecting and storing personal data. Specifically, the FTC pointed to the “Add Friends” feature that provided users with three options: “Find friends from your contacts; “Find friends from Facebook;” and “Invite friends to join Path by email or SMS.” Regardless of whether the user elected to “Add Friends,” Path automatically collected the first name, last name, address, phone number, email address, Facebook username, Twitter username and date of birth for each contact in the user’s mobile device address book. According to the FTC’s complaint, “the user had no meaningful choice as to the collection and storage of personal information from the user’s mobile device contacts, and the user interface options were illusory.” In addition, the FTC argued that Path knowingly accepted registrations from approximately 3,000 children under the age of 13, without first obtaining parental consent, and collected personal information for each contact in the child registrant’s mobile device address book.

Path’s automatic information collection diverged from its Privacy Policy, which stated that Path automatically collected only certain information such as IP address, operating system, browser type, address of referring site and site activity stats. Therefore, the FTC argued that the automatic collection constituted a deceptive act or practice in violation of section 5(a) of the FTC Act, 15 U.S.C. § 45(a). In addition, the FTC asserted that PATH violated COPPA, through its collection of information from children under the age of 13, by failing to: (a) post a privacy policy on its website that provided notice of its information practices, including what information it was collecting from children online, how it used such information, and its disclosure practices for such information; (b) provide notice of its collection practices, including specific disclosures, directly to parents; and (c) obtain verifiable parental consent prior to collecting, using, and/or disclosing personal information from children.

The settlement requires Path to establish a “comprehensive privacy program” and to obtain independent privacy assessments every other year for the next 20 years. Path is also prohibited from making any misrepresentation about the extent to which it maintains the privacy and confidentiality of consumers’ personal information and must delete information collected from children under the age of 13. Perhaps most importantly, Path must pay $800,000 to settle the COPPA charges.

For a relatively new startup like Path, the $800,000 fine is a significant deterrent measure and signals the FTC’s serious commitment to consumer, especially child consumer, privacy. It is no mistake the FTC announced this settlement on the same day that it released guidelines on how to improve mobile privacy disclosures. Accordingly, mobile developers should look to this settlement, and the underlying charges, as a touchstone going forward.

Copyright © 2014, Sheppard Mullin Richter & Hampton LLP.

About the Author


Ms. Hines is an associate in the Business Trial Practice Group in the firm's New York office.


Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unles