All of the big players have already gotten similar consent decrees. Twitter got one over a password leak. Google got one over Buzz. Microsoft got one over Passport/Wallet (though that has perhaps expired). Facebook got one over Beacon.

Everyone gets one sooner or later, it seems. It's a giant PITA, but everyone has the audit infrastructure in place by now, so I wouldn't expect it to matter too much.

It's a convenient way to regulate an industry without having to pass any additional laws.

Path will probably just sell the tech, and the employees, and not the actual company. Corporations can do strange things like that.

Yep, quite possible. I guess they may also forget to reissue share options to non-execs in the process. ;)

>>Curious, if Path is acquired does the purchaser also acquire the 20 year privacy assessment requirements?

Probably, or else Path2 made of the same investors could buy Path and get out of the agreement.