Myspace settles FTC privacy complaint
The company did not live up to privacy promises that it would not share persona information without permission, the FTC alleged
Tue, May 08, 2012
IDG News Service (Washington, D.C., Bureau) — Social networking site Myspace has agreed to settle charges from the U.S. Federal Trade Commission that it misrepresented its protection of users' personal information, the FTC announced Tuesday.
Advertisers could use the Friend ID to locate a user's Myspace profile to obtain personal information publicly available on the profile and, in most instances, the user's full name, the FTC said. Advertisers also could combine the user's real name and other personal information with additional information to link broader Web-browsing activity to a specific individual.
Myspace parent company Specific Media, which acquired the site last June, said consumer privacy is a "chief concern" of the company. The privacy violations happened in 2009 and 2010, according to the FTC's complaint.
Part of Specific Media's goal of making Myspace a top social entertainment website is "allowing users to feel comfortable and secure about the information they share," the company said in a statement. "Myspace has a long history of developing cutting-edge tools for controlling how information is used and shared. Yet, there is always room for improvement."
One of Specific Media's first priorities after acquiring Myspace was to examine its business practices, including privacy and advertising practices, the company said.
"In order to put any questions regarding Myspace's pre-acquisition advertising practices behind us, Myspace has reached an agreement with the FTC that makes a formal commitment to our community to accurately disclose how their information is used and shared," the company added.
Myspace's actions violated the FTC Act, barring unfair and deceptive business practices, the FTC alleged.
The proposed settlement bars Myspace from future misrepresentations about users' privacy, requires the company to implement a comprehensive privacy program, and requires regular independent privacy assessments over the next 20 years.
In addition to the privacy promises, Myspace certified that it complied with the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data from the European Union to the U.S. In a self-certification process, Myspace said it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that Myspace's safe harbor statements were false.
The settlement agreement is subject to public comment for 30 days, continuing through June 8. The commission will decide after the comments whether to make the proposed settlement final.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.