According to the complaint, for a period of time, Myspace displayed targeted advertisements from certain third-party advertisers, which were provided with the user's "Friend IDs," a persistent unique numerical identifier assigned to each Myspace user profile and part of the URL for each user's profile page. With Friend ID information, a third-party advertiser could conceivably find out detailed information about individual users, such as by visiting the user’s personal profile page or combining the user’s real name from his or her profile page with additional information contained in the advertiser’s tracking cookie about the user’s web browsing history.
The proposed settlement order bars Myspace from misrepresenting the extent to which it protects the privacy of users' personal information. The settlement also requires Myspace to establish a comprehensive privacy program designed to protect consumers' information, and to obtain biennial assessments of its privacy program by independent auditors for 20 years.
The Myspace settlement underscores the FTC's active enforcement efforts concerning allegedly misleading website privacy policies. Indeed, in the past few years, the agency has announced settlements with several online companies regarding privacy promises. See e.g.:
In re ScanScout, Inc., FTC File No. 1023185 (Order Dec. 14, 2011) (online advertiser agreed to settle FTC charges that it deceptively claimed that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies)