Privacy & Information Security Law Blog

On May 8, 2012, the Federal Trade Commission announced a settlement agreement with the social networking service Myspace LLC (“Myspace”). The FTC alleged that Myspace’s practice of sharing users’ personal information with unaffiliated third-party advertisers conflicted with representations the company made in its privacy policy, and could allow those advertisers to obtain users’ names, publicly available information and information about their online browsing habits.

According to the FTC’s complaint, Myspace’s privacy policy stated that it would not share personal information except as described in the privacy policy without first giving notice to users and receiving permission for the sharing. The privacy policy indicated that the information included in cookies used to customize advertisements did not identify users to third parties, and that only “[a]nonymous click stream, number of page views calculated by pixel tags, and aggregated demographic information may also be shared with MySpace’s advertisers and business partners.” Myspace also represented that it complies with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.

The FTC’s complaint alleged that, contrary to its representations, Myspace (1) provided users’ personal information to unaffiliated third-party advertisers without first giving users notice or obtaining users’ permission; (2) allowed advertisers to access personally identifiable information via the means through which Myspace customizes ads; (3) shared non-anonymized web-browsing activity with advertisers; and (4) did not adhere to the U.S. Safe Harbor privacy principles of Notice and Choice. According to the FTC, these activities constituted deceptive acts or practices in violation of the FTC Act.

The proposed settlement order prohibits Myspace from misrepresenting the manner in which it maintains and protects the privacy and confidentiality of its users’ personal information, and requires the company to establish and maintain a comprehensive privacy program subject to biennial, independent, third-party audits for 20 years.