The real stuff starts on page 12
There are always little idiosyncrasies in these things, like, for example "Defendant shall provide the initial Assessment by overnight courier (not the U.S. Postal Service) to the Associate Director for Enforcement".
I'm not sure what triggered them to add that, but Google searching '"not the U.S. Postal Service" ftc' pulls up a crap load of consent decrees.
I'm not sure why you'd try to piss off the FTC though.
I think the former name of "Delivery Confirmation" is where the confusion comes from. They recently changed that to "USPS Tracking" (I'm guessing to avoid confusion).
The USPS is not that slow for how cheap they are. In fact I feel bad for them. The post office in Redmond just had to close and I think it was because of budget. It doesn't seem like they're doing too well against their private competition. But I doubt it's because their tracking system is inferior.
In a nutshell, that is why they are failing: an antiquated product with horrible service and little to no accountability.
Like most people who work in cubicles, I work 8-5. The nearest PO to my home is open M-F 8-4:30. The next closest is open M-F 8-5 and Saturday 9-12. That means I've got a single 3-hour window if I need to pick up a package or do something that requires human interaction. If I happen to be out of town or busy during that short window, I have to wait until the next weekend.
As has been discussed before, the majority of a bank's income is not on personal checking and savings accounts. For most larger banks, it's an ancillary service that they really don't try that hard to compete for most of the time. The real money is in business accounts and lines of credit (both personal and business). Even so, my local bank is open 10-7 every weekday as well as Saturday mornings and Sunday afternoons.
They've come a long way with online address forwarding, usps.com/redelivery, and other online features, but the window hours are terrible and it's endemic of the USPS' apathy with regard to customer service.
Sidenote: after the address book debacle people are pretty quick to jump to conclusions about what the fine was really for though.
EDIT: I missed when originally reading the post that the fine was for violating COPPA, while the other provisions (privacy assessment every 2 years) are for their privacy violations.
If you really choose to control your Facebook privacy, you can do it but then the engagement experience becomes very limited. Facebook gives you controls but then it's given in a manner that it becomes a choice between use it or not use it.
Everyone gets one sooner or later, it seems. It's a giant PITA, but everyone has the audit infrastructure in place by now, so I wouldn't expect it to matter too much.
Probably, or else Path2 made of the same investors could buy Path and get out of the agreement.
Huh? Path is a company, they broke the law, and were investigated and fined as a result. How is that "stunning"? It happens all the time.
It's got almost nothing to do with "startup culture", it is just a business that didn't play by the rules.
I believe the answer is somewhere in the question.
And the FTC policing COPPA isn't really new either:
Complex answer: How you determine if the person is under 13 and how you get the parents' permission can be done a lot of different ways. One of the most popular is doing a test charge against a credit card number, assuming kids won't have those.
You only have to take action to get parent's permission if:
a) Your site or app is very specifically targeting children (LEGO or Disney for example)
b) You have asked for some information from the user that positively identifies them as a child - birthdate is the main one
Path were fined because they asked for birthdate during the signup process and then allowed registration even if the user was under 13.
It is unlawful for an operator of a website or *online service directed to children*, or any operator that has *actual knowledge that it is collecting personal information from a child*, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b) of this section.
* service directed to children (LEGO, Disney etc)
* actual knowledge that it is collecting information from a child (birthdate, age etc)
My understanding was from internal legal guidance at a previous company I consulted for but I haven't worked on COPPA projects for a few years so I don't know if there have been any major cases.
In any event Path specifically asked for birthdates and then allowed children to carry on and use the service with no changes which is a violation that should have been spotted by anyone with some understanding of COPPA.
I thought that there were 2 options with COPPA compliance: Allow <13s to register and have an email sent to their parents IF they select that they are under 13 OR disallow under 13s through a terms of service "Do not register if you are under 13" type clause. Is that not compliant?
Absolutely categorically not.
A ToS clause alone has been tested and found not compliant.
For a while, when the ToS clause was tested and failed, the panic reaction acid test was asking for a valid CC.
Over the past decade best practice has relaxed to a gating page asking for confirmation of over age, or, for the more cautious, asking for the user to explicitly provide their birth year (not birthday).
Then you can CFAA those little twerps.
But this isn't to discredit privacy concerns at all. Google anonymizes its users so that individuals aren't identified. This is a better approach compared to other questionable "targeting methods".