Under the settlement, Path will pay an $800,000 fine, establish a comprehensive privacy program, and be required to obtain independent privacy assessments every other year for the next two decades. A report in February of last year detailed the disappointing privacy protections in apps aimed at children, such as those alleged in today’s settlement.
The announcement came at the same time the FTC released a report of recommendations for privacy protections on mobile devices, which grew out of a May 2012 workshop with industry and consumer representatives, and provides non-binding guidance on mobile privacy for consumers, app developers, and platform development — much of it focused on providing adequate disclosure about what information is being collected and for what purpose, rather than directly limiting the collection of data.
Forty-five percent of adults in the U.S. and two-thirds of young adults owned a smartphone as of September 2012, and those users care about the security of their personal information according to the press release accompanying today’s report:
“[...]57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons. Less than one-third of Americans feel they are in control of their personal information on their mobile devices.”
But while today’s settlement announcement and recommendations represent a step in the right direction for mobile privacy, their limited scope provides even more evidence that the FTC doesn’t have the authority necessary to protect American consumers in the digital age. An $800,000 fine to a company valued at $250 million amounts to a slap on the wrist and the mobile privacy recommendations are just that: Non-binding guidelines for behavior, not actual privacy standards mobile app or platform developers will be held accountable to.