In what way did Path "get a pass?" They got a lot of negative press, and it brought attention to this issue (hence blog posts like this one). Sure, people got vocally angry and then quickly forgot about it, but that's just what people do. It even happens with far worse things, like police brutality or even unwise invasions of countries.
What specifically do you want to happen? You say you want "Silicon Valley" to "publicly and vocally [condemn] this type of activity," but what would that actually mean? Last I checked, "Silicon Valley" doesn't exist as some unified entity that can issue public statements. Heck, Hacker News is some approximation of the culture of Silicon Valley, and the front page was filled with rage.
Also, incidentally, I find it interesting that you cite a dictionary definition for a word that in no way corroborates your usage of the word, even though I think I agree with your underlying point. Path didn't "take and carry away" anything, and the contacts on your phone hardly constitute "personal goods or property."
Do a search on Twitter for the top tweets that link to Path's blog apology. Nearly every major figure in tech (99% in "The Valley") just accepted their apology and moved on.
Wouldnt have happened with other companies like Google or Facebook and shouldnt have happened here.
What's the alternative to accepting their apology and moving on? Short of organizing a mass exodus from Path, or pushing for legal action (which the author doesn't seem to be proposing), what can be done? The only alternative I can think of is for the community to keep repeating itself over and over again, like "We're still outraged."
> Wouldnt have happened with other companies like Google or Facebook and shouldnt have happened here.
People move on quickly after Google or Facebook screw up. There have been several times where people were enraged at Facebook's default privacy settings, and I never saw much discussion 24 hours after each story broke. The same goes with Apple: I can't recall any privacy-related issues other than the coordinates being stored on the phone, but a similar issue was all of the weird app rejections and fuzzy rules surrounding the App Store. Each time, people were outraged, and then the discussion cools down. I think this is inevitable, and I don't think it necessarily means that no good came out of the situation.
Path's error was not the uploading of your address book, but rather making it not be a user choice. The data was used directly in the functionality of the product. The level of actual usefulness this would be to the user is debatable but it isn't a direct utilization of your data for benefit, the benefit to Path is an indirect one (but then, everything any company does is primarily for their benefit, just indirectly through providing utility to the customers).
If Path was taking your address book and selling it to spammers, and forgot to make that opt-in or out (as many services do), then after being confronted with this apologized and made that optional. That would NOT BE OK. That's what Facebook and Google would have likely done (since that's basically their business model), and likely why you have the impression that they wouldn't be let off the hook as easily.
What Path was actually doing with the address book is crucial here to whether the apology and quick response to amend their ways (FB and G tend to seriously drag their feet on responses) should result in forgiveness and caution towards them in the future, or the harsher response you advocate.
Do not misconstrue this as Path apologism, because I do think what Path did was very wrong--hence the requirement for them to apologize in a way that I thought was sincere and comprehending of the source of the outrage (many similar apologies are tone deaf and come off like "I am sorry you are having a problem" vs. "I'm sorry we caused a problem")--I just think they haven't made a deep ethical mistake, but rather an unfortunate oversight well deserving of castigation that they've begun to atone for.
Path may have not sold your personal data to third party advertisers to target you with, but Path wanted and used your address book for the same reason those third party advertisers would have wanted it: to promote their own product to you and your friends.
After they took people's contact info without asking, they had to make it up to their customers. They deleted the info immediately, updated the app, and issued a sincere apology. This is the opposite of "condoning" their actions.
I think their return volley on this was pretty solid. They made a mistake. Did they know they were making it and did they do it deliberately? I am probably naive here, but I don't think they did.
It's going to be low, because of the app itself. Seriously, if you've never used the app you might want to educate yourself before making such statements.
Limiting the number of possible friends means a smaller network, and a smaller user base.
Path is dead in the water and nobody cares. Those who expressed sympathy over their handling of the nerd pressure were doing so more to signal for future times that the correct action was taken by Path's management. It means something to the industry that not everyone is a Curebit or similar, even though what they did was a premeditated act of douchebaggery.
Which brings me to another topic: it's hard out there to be successful and always do the right thing. Sometimes you'll have to cut corners in the attempt to gain an edge, however meaningless an inconsequential to the big picture it may seem at the time, because big strong companies are built on a stream of small, repetitive successes, not big wins.
IANAL - but with the DPA and other EU data/privacy laws: at the point that the data was collected inside but transmitted outside the EU. Its treated somewhat like an export, or a border control. (this is why Apple allow you to preclude your app from certain local markets; enter the market, and you ARE bound by its laws for your actions in that market)
On the other hand; DPA violation doesn't result in prison, just a (potentially large) fine.
On the third hand, its quite possible that Path did not violate the DPA (although its possible they did). The DPA, in short states that you have to gather personal info for a specific, consensual purpose, and not use it for any other, and also store it in a way that protects it from loss/theft/misuse - where misuse includes deciding 6 months down the line to use it for another purpose. It also means that if your 'purpose' for holding that information ceases, you are legally obligated to purge the data - your legal permission to hold ends.
So; was there consent - almost certainly not, hence possible DPA violation. But once it was clear they had no broad public consent - they immediately purged the data, so possibly no _deliberate_ violation, and certainly a demonstration of willingness to correct the situation.
We live in times where owning a ".com" domain can get you extradited if you don't abide by the law of the US.
I'm not sure of the Data Protection Act has any limitations on which companies it covers, but since Path put an app in the UK App Store (they could have easily excluded it), that would seem to be ample jurisdiction from my armchair-internet-lawyer standpoint.
[For the record, I don't think they should go to jail]
What specifically do you want to happen? You say you want "Silicon Valley" to "publicly and vocally [condemn] this type of activity," but what would that actually mean? Last I checked, "Silicon Valley" doesn't exist as some unified entity that can issue public statements. Heck, Hacker News is some approximation of the culture of Silicon Valley, and the front page was filled with rage.
Also, incidentally, I find it interesting that you cite a dictionary definition for a word that in no way corroborates your usage of the word, even though I think I agree with your underlying point. Path didn't "take and carry away" anything, and the contacts on your phone hardly constitute "personal goods or property."