The social network site, Myspace, agreed to settle Federal Trade Commission (FTC) charges that it misrepresented its protection of users' personal information. See In re Myspace LLC, FTC File No. 102 3058 (proposed settlement announced May 8, 2012). The FTC complaint alleged that Myspace made numerous promises in its privacy policy regarding the extent to which it shared users' personal information with third-party advertisers. The agency alleged that Myspace's privacy policy promised, among other things, that: (1) the company would not use or share a user’s personally identifiable information without permission; (2) online advertisers would not have access to users' personally identifiable information or be able to individually identify users; and (3) the information shared with advertisers regarding web browsing activity was anonymized.
According to the complaint, for a period of time, Myspace displayed targeted advertisements from certain third-party advertisers, which were provided with the user's "Friend IDs," a persistent unique numerical identifier assigned to each Myspace user profile and part of the URL for each user's profile page. With Friend ID information, a third-party advertiser could conceivably find out detailed information about individual users, such as by visiting the user’s personal profile page or combining the user’s real name from his or her profile page with additional information contained in the advertiser’s tracking cookie about the user’s web browsing history.
The proposed settlement order bars Myspace from misrepresenting the extent to which it protects the privacy of users' personal information. The settlement also requires Myspace to establish a comprehensive privacy program designed to protect consumers' information, and to obtain biennial assessments of its privacy program by independent auditors for 20 years.
The Myspace settlement underscores the FTC's active enforcement efforts concerning allegedly misleading website privacy policies. Indeed, in the past few years, the agency has announced settlements with several online companies regarding privacy promises. See e.g.:
-
In re ScanScout, Inc., FTC File No. 1023185 (Order Dec. 14, 2011) (online advertiser agreed to settle FTC charges that it deceptively claimed that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies)
-
United States v. Godwin, No. 11-03846 (N.D. Ga. Consent Decree filed Feb. 1, 2012) (operator of a youth-oriented social network site agreed to settle FTC charges that he collected personally information from approximately thousands of children without obtaining prior parental consent in violation of the COPPA Rule and made deceptive claims about information collection practices in the site's privacy policy)
