Myspace settles FTC privacy complaint, will have compliance checks over 20 years
The company did not live up to privacy promises that it would not share persona information without permission, the FTC alleged
By Grant Gross | Published: 14:50, 09 May 2012
Social networking site Myspace has agreed to settle charges from the US Federal Trade Commission that it misrepresented its protection of users' personal information, the FTC announced Tuesday.
Advertisers could use the Friend ID to locate a user's Myspace profile to obtain personal information publicly available on the profile and, in most instances, the user's full name, the FTC said. Advertisers also could combine the user's real name and other personal information with additional information to link broader Web-browsing activity to a specific individual.
Related Articles on Techworld
Myspace parent company Specific Media, which acquired the site last June, said consumer privacy is a "chief concern" of the company. The privacy violations happened in 2009 and 2010, according to the FTC's complaint.
Part of Specific Media's goal of making Myspace a top social entertainment website is "allowing users to feel comfortable and secure about the information they share," the company said in a statement. "Myspace has a long history of developing cutting-edge tools for controlling how information is used and shared. Yet, there is always room for improvement."
One of Specific Media's first priorities after acquiring Myspace was to examine its business practices, including privacy and advertising practices, the company said.
"In order to put any questions regarding Myspace's pre-acquisition advertising practices behind us, Myspace has reached an agreement with the FTC that makes a formal commitment to our community to accurately disclose how their information is used and shared," the company added.
Myspace's actions violated the FTC Act, barring unfair and deceptive business practices, the FTC alleged.
The proposed settlement bars Myspace from future misrepresentations about users' privacy, requires the company to implement a comprehensive privacy program, and requires regular independent privacy assessments over the next 20 years.
In addition to the privacy promises, Myspace certified that it complied with the US-EU Safe Harbour Framework, which provides a method for US companies to transfer personal data from the European Union to the US. In a self-certification process, Myspace said it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that Myspace's safe harbor statements were false.
The settlement agreement is subject to public comment for 30 days, continuing to 8 June. The commission will decide after the comments whether to make the proposed settlement final.