Tuesday, May 08, 2012

Myspace Joins Social Networking Sites Whose Privacy Claims Have Been Challenged by the FTC

This posting was written by Jeffrey May, Editor of CCH Trade Regulation Reporter.

Today, Myspace joined other popular social networking websites—such as Facebook, Google Buzz, and Twitter—in pledging to refrain from making false consumer privacy claims in light of a Federal Trade Commission challenge.

The operator of myspace.com has agreed to settle FTC charges that it violated Section 5(a) of the FTC Act by misleading users about what information third-party advertisers received about them. The FTC complaint alleged that Myspace made numerous promises to its users regarding the extent to which it shared consumers’ personal information with third-party advertisers.

Myspace's privacy policy allegedly promised it would not share users personally identifiable information, or use such information in a way that was inconsistent with the purpose for which it was submitted, without first giving notice to users and receiving their permission to do so. The privacy policy also promised that the information used to customize ads would not individually identify users to third parties and would not share non-anonymized browsing activity.

According to the FTC complaint, from January 2009 through June 2010, and again from October 2010 through October 2011, when Myspace displayed advertisements on its website from certain unaffiliated third-party advertisers, Myspace and/or its affiliate provided those advertisers with the Friend ID of the user who was viewing the page.

Myspace assigns a persistent unique numerical identifier, called a “Friend ID,” to each user profile created on Myspace. The Friend ID can be used to access information about the user, including location, gender, age, display name, and, in many cases, the user’s full name, according to the agency. With this information, a third-party advertiser could take simple steps to get detailed information about individual users.

In addition, Myspace allegedly certified that it complied with the U.S.-European Union Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States. As part of its self-certification, Myspace purportedly claimed that it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that these statements were false. The agency challenged similar claims by Facebook and Google Buzz last year.

Proposed Consent Order

A proposed consent order contains provisions designed to prevent Myspace from engaging in future practices similar to those alleged in the complaint, according to the FTC. Myspace would be prohibited from misrepresenting the privacy and confidentiality of any “covered information,” as well as the company’s compliance with any privacy, security, or other compliance program. Myspace also would be required to establish and maintain a comprehensive privacy program and to obtain biennial assessments of its privacy program by independent, third-party auditors for 20 years.

The complaint and proposed settlement, In the Matter of Myspace LLC, FTC File No. 102 3058, appear here on the FTC website.

No comments: