Moribund social networking service Myspace has agreed to settle Federal Trade Commission charges that it misled users over the use of their personal information.
The settlement orders MySpace to be more accurate in future, to implement a comprehensive privacy program and submit to regular, independent privacy assessments for the next 20 years.
MySpace user profiles publicly disclose age, gender, profile picture, display name, and, by default, the user’s full name. They may also contain additional information such as pictures, hobbies, interests and friend lists. Each profile is given a persistent unique identifier, called a Friend ID.
But despite promising not to share users’ personally identifiable information, the FTC says Myspace provided advertisers with the Friend ID of users who were viewing particular pages on the site.
Advertisers could use the Friend ID to locate a user’s Myspace profile and obtain personal information publicly available on the profile and, in most instances, the user’s full name.
They could also combine the user’s real name and other personal information with additional information to link broader web-browsing activity to a specific individual.
“In addition, Myspace certified that it complied with the US-EU Safe Harbor Framework, which provides a method for US companies to transfer personal data lawfully from the European Union to the United States,” says the FTC.
“As part of its self-certification, Myspace claimed that it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that these statements were false.”
The deal is similar to those struck with Facebook and Google – although Google may be in for more scrutiny to come. In February, three lawmakers asked the FTC to investigate claims that the company had been bypassing privacy settings in Apple’s Safari browser to install cookies, even where the browser was set to reject them.