Business Insurance will be back online in October. Please check back then to subscribe/register.

All existing subscriptions will be honored. Contact info@businessinsurance.com with any questions.

ARC: HOW THE PUBLIC AND PRIVATE SECTORS CAN GUARD AGAINST CYBER RISKS

Social network to pay penalty for collecting children's personal data

Path Inc. Social Networking Site

An online social networking firm has agreed to pay an $800,000 penalty for collecting personal information from children younger than 13 without parental consent, the Justice Department said Friday.

The company, San Francisco-based Path Inc., said it has already addressed the issue.

The DOJ said Path violated the Federal Trade Commission Act and the children's Online Privacy Protection Rule by collecting personal information from the address books in children's mobile devices in more than 3,000 instances.

The information collected included names, addresses, phone numbers and email addresses of the children's contacts. Path also collected personal information from children during the registration process and through content they posted online, according to the DOJ.

In addition to violating the Children's Online Privacy Protection Rule, the company violated the FTC Act by failing to disclose to consumers it was automatically collecting information from users' mobile device address books, according to the FTC. Path's privacy policy and its “add friends” feature led consumers to believe the information would be collected only with the user's consent, the DOJ said.

In addition to the penalty, Path agreed to an injunction barring future violations of the laws, that it would delete all information collected from children younger than 13, implement a comprehensive privacy program and submit to regular assessments by an independent third party.

%%BREAK%%

“The rules established by the Children's Online Privacy Protection Act play an important role in keeping kids safe online,” Stuart F. Delery, principal deputy assistant attorney general for the DOJ's civil division, said in a statement. “Companies that market to children must respect their privacy by getting parental consent before collecting any personal information, and the Justice Department will work with the FTC to ensure that they do.”

Path said it had already corrected the problem.

“The gist of the FTC's complaint is this: Early in Path's history, children under the age of 13 were able to sign up for accounts. A very small number of affected accounts have since been closed by Path,” the company said in a statement.

“We ask users their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created.”

Path also said it is committed to serving its users first.

“It wasn't until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent,” the company said in the statement.

More from BI