Privacy Violations: First Google, then Facebook, and now MySpace

After an investigation into the privacy practices of  MySpace, the Federal Trade Commission agreed to settle pending charges that the Social Networking Service misrepresented the procedures it used to protect its users personal information.

The Myspace social network has millions of users who create and customize online profiles containing substantial personalized content. Myspace assigns a persistent unique identifier, called a “Friend ID,” to each profile created on Myspace. A user’s profile publicly discloses his or her age, gender, profile picture (if the user chooses to include one), display name, and, by default, the user’s full name. User profiles also may contain additional information such as pictures, hobbies, interests, and lists of users’ friends.

Myspace’s privacy policy promised it would not share users personally identifiable information, or use such information in a way that was inconsistent with the purpose for which it was submitted, without first giving notice to users and receiving their permission to do so. The privacy policy also promised that the information used to customize ads would not individually identify users to third parties and would not share non-anonymized browsing activity.

Despite the promises contained in its privacy policy, the FTC alleged that Myspace provided advertisers with the Friend ID of users who were viewing particular pages on the site. Advertisers could use the Friend ID to locate a user’s Myspace profile to obtain personal information publicly available on the profile and, in most instances, the user’s full name. Advertisers also could combine the user’s real name and other personal information with additional information to link broader web-browsing activity to a specific individual. The agency charged that the deceptive statements in its privacy policy violated federal law.

The settlement bars Myspace from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy assessments for the next 20 years.

This isn’t the first time that the FTC settled privacy charges against a large Internet company.  In 2010, Google agreed to the same provisions in settling similar FTC charges, followed by Facebook in 2011.   The latest settlement is part of the FTC’s ongoing effort to ensure that companies adhere to the promises they make in their privacy policies.

 



Author: Seth Heyman
Seth D. Heyman is a California attorney with extensive experience in advertising and marketing law, corporate law, contracts, governmental regulations, international business, and Internet law. He has counseled numerous successful companies, both public and private, and was responsible for regulatory compliance, contract management, corporate governance, and HR best practices for multiple organizations in many diverse industries, including marketing, telecommunications, energy, and technology development. He offers insight and guidance on federal and state direct mail, TV, radio, telemarketing, and Internet marketing laws, as well as online promotions, Internet privacy, data protection regulations, and similar matters.

Leave a Reply

Skip to content