Myspace settles FTC privacy complaint

Social networking site Myspace has agreed to settle charges from the U.S. Federal Trade Commission that it misrepresented its protection of users’ personal information, the FTC announced Tuesday.

Myspace’s privacy policy promised that the site would not share users’ personally identified information, or use information in a way that was inconsistent with the purpose for which it was submitted, without giving notice to users and receiving their permission. Myspace, however, provided advertisers with persistent unique identifiers, called Friend IDs, of users who were viewing particular pages on the site, the FTC said.

Advertisers could use the Friend ID to locate a user’s Myspace profile to obtain personal information publicly available on the profile and, in most instances, the user’s full name, the FTC said. Advertisers also could combine the user’s real name and other personal information with additional information to link broader Web-browsing activity to a specific individual.

The privacy policy promised that the information Myspace used to customize ads would not individually identify users to third parties and would not share browsing activity, the FTC said.

Myspace parent company Specific Media, which acquired the site last June, said consumer privacy is a “chief concern” of the company. The privacy violations happened in 2009 and 2010, according to the FTC’s complaint.

Part of Specific Media’s goal of making Myspace a top social entertainment website is “allowing users to feel comfortable and secure about the information they share,” the company said in a statement. “Myspace has a long history of developing cutting-edge tools for controlling how information is used and shared. Yet, there is always room for improvement.”

One of Specific Media’s first priorities after acquiring Myspace was to examine its business practices, including privacy and advertising practices, the company said.

“In order to put any questions regarding Myspace’s pre-acquisition advertising practices behind us, Myspace has reached an agreement with the FTC that makes a formal commitment to our community to accurately disclose how their information is used and shared,” the company added.

Myspace’s actions violated the FTC Act, barring unfair and deceptive business practices, the FTC alleged.

The proposed settlement bars Myspace from future misrepresentations about users’ privacy, requires the company to implement a comprehensive privacy program, and requires regular independent privacy assessments over the next 20 years.

In addition to the privacy promises, Myspace certified that it complied with the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data from the European Union to the U.S. In a self-certification process, Myspace said it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that Myspace’s safe harbor statements were false.

The settlement agreement is subject to public comment for 30 days, continuing through June 8. The commission will decide after the comments whether to make the proposed settlement final.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.