Photo: Mike Cassidy, Facebook
Last February, mobile social network Path made an expensive mistake.Like many apps, it asked users if it could search their mobile contacts to make friend suggestions upon signup.
Unlike many apps, Path never deleted the information from its servers. Even though it says it never used the stored information, it shouldn’t have kept the data in the first place. And because there were minors on the social network, Path’s error violated COPPA (Children’s Online Privacy Protections Act).
Today, the Federal Trade Commission announced that Path paid an $800,000 settlement fee for storing private data for underage users. There were 3,000 minors on its network. Path now has more than 5 million users.
For the next 20 years, Path is required to have its privacy policies assessed every 24 months. It also had to purge any stored data for users under the age of 13.
In addition to dealing with the FTC, CEO Dave Morin also felt Apple’s wrath. Tim Cook reportedly yanked the former Apple employee into his office and demanded an explanation.
It’s a good thing Path has raised multiple millions. For most startups, a mistake like this would cost them the business.
Today the United States Federal Trade Commission (FTC) announced that it reached a settlement pending court approval with Path regarding alleged violations of the Children’s Online Privacy Protections Act (COPPA). The gist of the FTC’s complaint is this: early in Path’s history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path.
As you may know, we ask users’ their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.
We want to share our experience and learnings in the hope that others in our industry are reminded of the importance of making sure services are in full compliance with rules like COPPA. From a developer’s perspective, we understand the tendency to focus all attention on the process of building amazing new things. It wasn’t until we gave our account verification system a second look that we realised there was a problem. We hope our experience can help others as a reminder to be cautious and diligent.
Throughout this experience and now, we stand by our number one commitment to serve our users first.