Even as he announced he was heading for the exit -- Feb. 15 --
Federal Trade Commission chairman Jon Leibowitz sent a signal that the
commission remains focused on online privacy, in this case app privacy. That
included a settlement with one app company, a new report on mobile app privacy
disclosures and a set of mobile app best practice guidelines for protecting
information.
According to the FTC and Justice Department, social
networking app Path agreed to pay $800,000 to settle charges that it collected
personal information online from kids younger than 13 without securing their parents' consent,
which violates the Children's Online Privacy Protection Act.
In a complaint filed Jan. 31 in the Northern District of
California, the FTC and DOJ cited over 3,000 instances where Path collected
personal information from address books using the mobile app, including names,
addresses, phone numbers and email addresses. It also collected info when kids
registered or accessed content, the agencies said.
Along with the $800,000 civil penalty, Path agreed to delete
all info it had collected from kids younger than 13 and promised not to violate
the Children's Online Privacy Protection rule in the future. It must also
"implement a comprehensive privacy program, and submit to regular
assessments by an independent third party." Those are similar to
requirements placed on Google in an FTC settlement over online privacy issues.
Path blogged that the problem has already been corrected. "As you may know, we ask users' their birthdays during the process of creating an account," the company said. "However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13. Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any underage accounts that had mistakenly been allowed to be created."
"Over the years the FTC has been vigilant in responding
to a long list of threats to consumer privacy, whether it's mortgage
applications thrown into open trash dumpsters, kids' information culled by
music fan websites, or unencrypted credit card information left vulnerable to
hackers," said Leibowitz in a statement that had the ring of a valedictory
address. "This settlement with Path shows that no matter what new
technologies emerge, the agency will continue to safeguard the privacy of
Americans."
The court has to accept the settlement for it to be
official, though that is essentially a pro forma step.
In addition to the settlement, the FTC Friday released a new
study, Mobile
Privacy Disclosures, with a host of recommendations -- which could be
viewed as the chairman's parting advice on how to avoid regulation. Those
included "considering" a do-not-track regime for smartphones,
standardized privacy policies, getting affirmative consent before accessing
sensitive data -- like geolocation -- and much more.
"The FTC should be applauded for continuing down the
path of voluntary recommendations that give companies flexibility to find the
best solution for their particular needs," Daniel Castro, a senior analyst
with Information Technology and Innovation Foundation said in a statement.
"However, while some of these recommendations are in line with current
industry best practices, others reflect an overemphasis on privacy at the
expense of innovation."
The Future of Privacy Forum (FPF) was accentuating the
positive for the most part.
"The FTC report is quite positive about many of the privacy
advances that are taking place in the market," said Jules Polonetsky and
Christopher Wolf, cochairs of the FPF. "The Commission likes Apple's just
in time pop-ups and Limit Ad Tracking features, Google's app dashboard,
industry work on icons, the FPF Design For Trust Project with designer Ilana
Westerman and the California effort that got privacy links into app stores.
"The FTC doesn't propose any new requirements that
would interfere [with] the success of the app ecosystem, other than urging
platforms to play more of a gate keeper role. Although we do agree that
platforms can do more, it is quite likely that in the near future, consumers
will be accessing apps directly across not only from phones, but from
computers, cars, the smart grid and elsewhere. It may be limiting for
regulators and for consumers to rely on platforms to decide which programs are
acceptable on your computer and elsewhere."
Also Friday, the FTC
released a tip sheet for mobile app developers, calling it "a starting
point to help you provide a secure experience for your users," but adding
that the FTC "expects app developers to adopt and maintain reasonable data
security practices."
