The Federal Trade Commission (FTC) on May 8, 2012, announced that it has reached a consent agreement with the social networking site Myspace. The agreement settled charges that Myspace misled its users about the extent to which the site shared personal information with third-party advertisers, and it signals increased scrutiny by the FTC on how social networks share information about their users with advertisers. The consent order prohibits Myspace from making misrepresentations regarding the extent to which it maintains the privacy of its users' information and the extent to which it complies with the U.S.-EU Safe Harbor Framework and similar programs. The order also requires Myspace to establish a "comprehensive privacy program" and obtain biennial assessments of the program by an independent auditor for the next 20 years. The consent order is the third such order specifically requiring a comprehensive privacy program, following similar privacy consent orders the FTC entered into with Google and, more recently, Facebook.
Since January 2009, Myspace allegedly shared the Friend IDs, ages, and genders of users viewing the Myspace site with third-party advertisers. According to the complaint, Myspace transmitted this information to third-party advertisers from January 2009 to June 2010 whenever its affiliated advertising network did not have an appropriate ad to serve. While Myspace allegedly started encrypting the Friend IDs, ages, and genders of users viewing the Myspace site in June 2010, it provided the encryption key to its affiliated ad network so that this information could be used to target advertising to those users. On October 29, 2010, Myspace's affiliated ad network was sold to a third party, and Myspace allegedly continued to provide the encryption key to the new owners of the ad network for the following year.
Please see full alert below for more information.