Myspace violated its own privacy policy and shared personally identifiable user information with advertisers, the Federal Trade Commission claimed.
The social network has agreed to settle FTC charges that it misrepresented how it protected its community members’ personal information. If the settlement proposal is enforced, the site will no longer be allowed to misrepresent its privacy policies and is required to put a comprehensive privacy program in place. It also faces biennial privacy assessments for the next two decades.
Every Myspace profile is assigned a unique identification number, or Friend ID. Profiles contain information like a person’s name, age, gender and other details that could be used to identify them.
The FTC says Myspace’s privacy policy claimed it wouldn’t share users’ identifiable information or use those details in a way that didn’t fit with the purpose for which they were shared, without prior warning or getting permission from those users first. The site also said that the information used to display custom ads would not reveal individual identities to third-party companies. Additionally, the policy stated that Myspace wouldn’t share non-anonymous Web-browsing activity.
The FTC claimed the partly Justin-Timberlake-owned Myspace provided Friend IDs of those who were looking at particular pages on the site to advertisers. Advertisers may have used those IDs to track down personal profiles and view those users’ personal information, including, in many cases, their full names.
Combined with other information, advertisers could use Myspace community members’ real names to link Web-browsing activity to a specific person. To that end, the FTC claimed that the “deceptive” statements Myspace made in its privacy policy were in violation of federal law.
Meanwhile, the FTC cites Myspace as claiming that it complied with the U.S.-EU Safe Harbor Framework. This is a measure that lets U.S. companies legally transfer data from the European Union to the States. Myspace allegedly said it provided community members with information on how their personal information will be used and the option to opt out, as stated under the framework’s principles. However, the FTC said these statements were untrue.
The settlement between Myspace and the FTC is subject to a 30-day period where members of the public and other parties can submit comments for consideration. After that period ends on June 8, the FTC will decide whether to finalize the proposed consent order. Once such an order is in place, it’s enforceable by law and each violation can result in a $16,000 fine.
Myspace did not respond to a request for comment.
The FTC settlement follows on from a similar complaint against Facebook last year. Google also faces regular privacy audits stemming from privacy issues related to failed social service Google Buzz.
Transparency is important for Web communities. If the likes of Myspace, Facebook, Path, and Google aren’t being completely open with how they’re handling members’ personal details, it’s difficult for people to trust them.
Photo by Iain Farrell