SAN FRANCISCO (Reuters) - A privacy debate surrounding fledgling social network Path went viral this week, triggering discussions on blogs and on Twitter about how far social networks can go in using members' private data.
Path was sharply criticized in blogs and social media forums this week after an independent software developer revealed that Path's Apple iPhone application uploaded users' address book data to its own servers without permission.
Its travails demonstrate how easily today's social media startups -- which by definition thrive by sharing users' views and information -- can still run afoul of users' privacy sensitivities even at a time of constantly shifting consumer attitudes.
Path, which now has 2 million users, launched in November 2010 to considerable buzz around Silicon Valley. The service has positioned itself as a more intimate and visually appealing version of Facebook -- the social network that weathered a string of privacy controversies of its own as it grew to become a multibillion-dollar company on the brink of going public.
On Tuesday, Arun Thampi, a software developer in Singapore, discovered Path's data uploads and published his findings on his website. The news went viral, sparking commentary on technology blogs and on Twitter.
Other bloggers quickly noted that Path's practice may have run afoul of Britain's Data Protection Act and Apple's App Store policy prohibiting such data access.
Dave Morin, Path's chief executive, responded on Thampi's blog, saying that his company uploads the data to help users find and connect to their friends, and that the company had already rolled out an opt-in mechanism for the Google Android platform that asked user permission before accessing contact data.
Morin later apologized in a blog post on Path's website, adding that the company deleted "the entire collection of user uploaded contact information from our servers."
By then, hundreds of Path users (and many nonusers) had already vented their frustration at Morin through Twitter.
Now, as Path looks to emerge from the episode, its fate may be determined largely by the social network that it hopes to challenge: Facebook.
Facebook's success, and its record of shrugging off the periodic backlash over perceived privacy intrusions, has fundamentally changed consumer attitudes, analysts say.
Facebook has "shown and demonstrated that it can push the boundary of what can be considered private," said Charlene Li, the founder of the Altimeter Group, a social media research company. "Our notions of privacy change over time, based on the utility of that information."
But the problem, analysts say, was that Path did not ask for permission to access users' address books -- even if consumers are increasingly comfortable with the idea.
Ray Valdez, an analyst at Gartner, said the company took a hit to its reputation but will move on.
"It's not a fatal error," Valdez said.
Still, in papers filed last week with the U.S. Securities and Exchange Commission ahead of its highly anticipated initial public offering, Facebook noted explicitly the danger of potential backlashes over privacy. It said that improper access of user information could "harm our reputation and adversely affect our business."
Even if public attitudes toward privacy appear to be softening in a free-sharing era, analysts say such controversies can pose grave threats to fledgling companies that often do not have internal checks -- such as chief privacy officers at larger companies like Facebook.
For startups seeking to build a user base, the risk can be particularly acute.
"These networks exist only if you trust them," said Li of Altimeter Group. "For these growing companies, every single step you take has to be taken with building trust in mind."
As competition intensifies in the social networking arena, a company's perceived sensitivity to privacy issues could affect its bottom line.
Last week, as Google Inc grappled with an outpouring of criticism over how it utilized private user information across its various products, Microsoft Corp - a chief competitor to Google - unfurled an ad touting its own privacy controls.
"Facebook has an enormous user base and can weather a few privacy storms," said M. Ryan Calo, a fellow at the Stanford Law School Center for Internet and Society. "It may not be an existential threat when you have 800 million users, but it is a competitive differentiator that can't be ignored."
Reporting By Gerry Shih, editing by Matthew Lewis