The Federal Trade Commission’s $800,000 settlement with social network Path last Friday offered more evidence that federal and state regulators will be active participants in defining better ways to protect consumer privacy in an era of interactive finance. In this case, the FTC trained a light on the vexing question of design and how companies should disclose honestly, efficiently, and effectively how they will use a customers’ personal information -- without making customers overly anxious.

The legal case against Path spotlighted the collection of data for 3,000 children under age 13, but the implications of this case extend well beyond a case of preying on kids. It really highlights the challenges for any company that seeks to mine personal data. That obviously starts with app developers like Path, but it also affects personal finance management (PFM) players that include banks and credit unions, card networks, billers, mobile carriers -- and anyone who aims to play in the mobile space.

So, yes, I mean anyone. It is but the latest sign that regulators are pressing the industry to self-police – or else – and that states will turn up the heat if the feds move to slowly:

Path is a social networking site that enables users to compile a “smart journal that helps you share life with the ones you love.” Bu the FTC alleged in its complaint that Path didn’t give users a real choice about their sharing in version 2.0. Path gave users three options:

  • “Find friends from your contacts,”
  • “Find friends from Facebook,” and
  • “Invite friends to join Path by email or SMS.”

The FTC noted that Path already was automatically sneeking into their users’ mobile address book to cull first and last names of friends, their Facebook and Twitter user names, and their birthdays. Path also collected more information about its own users.

Path’s privacy policy said it would collect information such as IP address, operating system, browser type, address of the referring site, and site activity. In truth it also collected and stored personal from the user’s mobile device address book every time they signed on.

(Addendum: VentureBeat has reported that Path also appears to have inadvertently collected geotag information on images that users post.) The upshot is that Path owes an $800,000 civil penalty and faces 20 years of privacy assessments. But companies like Path and Delta are just the first to serve as examples of how regulators are pushing for more transparency on privacy.

Author

About Mark Schwanhausser

Mark strategizes how financial institutions can track and serve customers across the channels they use, and provide a consistent, integrated brand and user experience. Mark helps banks and credit unions profitably enable customers to monitor and manage their money more intelligently through technology such as online banking, mobile banking, personal financial management, financial alerts, and technologies on the horizon. 

Mark led the development of Javelin’s Digital Banking Maturity Path, a strategic framework for assessing a financial institution’s ability to deliver advice in digital channels, and the Financial Journey Model, which builds digital banking on a foundation of time-tested personal finance principles. He has also mapped out strategies to upgrade online banking, digital account opening, and financial alerts in a mobile-first era. 

Before joining Javelin, Mark was a personal finance reporter for the San Jose Mercury News. He covered money and emerging trends in financial services and payments technology.

Mark has a bachelor’s degree in journalism from the University of Missouri at Columbia and attended Antioch College.

Stay in Touch!