With the development of the internet, in particular, social networks and applications, it’s never before been easier to collect, analyze and store these different arrays of data on a large amount of individual human beings and to store all this data on servers for an economic friendly price. The earliest form of this was first seen in the 1950's and as you may have guessed, it’s your credit score.
Information brokers collect information about individuals from the public and private sectors, including the United States Census, Department of Motor Vehicles, and user created and submitted content such as Twitter, Facebook, LinkedIn, etc. This information is widely used for targeted marketing and with that, the data aggregated is used to create actual individual “user profiles”. A good way to think of it is a huge folder, with things you like, dislike, your political preference, etc. Now of course there are a handful of companies that do this specifically, but in my opinion Path definitely isn’t one of them.
A company that does this, and one of the predominant ones at that, Acxiom, has said (quoted here) from the Senate.gov website, that they have files of over 10% of the human population, which equals to about ~700 million people, with over 1500 pieces of information per customer /human— here’s the snippet from the PDF I got from the Senate.gov website:
By design, data is captured and stored in a variety of different ways, but the issue at hand is “what type of data is being stored, captured, and what’s this data being captured being used for?”. Now the social network Path has over 23,000,000 registered users, with Indonesia being their biggest userbase with over 4,000,000 active users daily. In early 2013, Path was fined $800,000 for storing data and data scraping from “underaged” users, even though in the TOS it reads:
So it begs the question, why wasn’t this looked at more in depth? From a developers perspective, Path was doing what it’s designed to do. For some reason I can’t help but feel bad for Path, although this can of worms is behind Path (they’ve even sold the company since), I think it’s safe to say there’s a bigger problem here, and this really wasn’t a “Controversy”.
As wikipedia states, In 2013, I contended the notion that Path was sending Spam SMS’s out to other people (via using their data), it was said to have happened on somebody’s blog, I quote here: “I’m pretty sure I didn’t opt in…”. Essentially meaning, when singing up, he didn’t give permission for this to happen, although, I don’t think this really happened.
If there’s anything to be learned about Path’s misfortune in this event, business is delicate, especially in the early stages of a business and in the end, you can’t make every single last person happy, this wasn’t a “controversy”. This rather was a “developer error” that would have had a different outcome if a simple “auto rejection” function was implemented. Ironically Path is now subjected to have its privacy policies assessed every two years for the next twenty years or so years by the FTC.