Security Experts:

MySpace Settles With FTC Over Privacy Charges

MySpace Settles With FTC After Failing to Live up to Privacy Expectations

On Tuesday, the Federal Trade Commission (FTC) announced that MySpace has agreed to settle charges that the social networking portal misrepresented its privacy claims to users.

The complaint hinges on the fact that, when MySpace was relevant and actually used by people, the social networking portal’s privacy policy assured that personally identifiable information would not be shared or used in a way that that was inconsistent with the purpose for which it was submitted. If it was, then the users were to be given notice and were told they would be asked for permission first.

MySpace has what’s called a FriendID, a unique number assigned to each profile created on the site. Despite their promises, the FTC said that the FriendID was provided to advertisers, who in turn could then use that information to locate the profile and collect all of the public data associated with it.

This could also lead to the advertisers using the real name associated with the FriendID and other personal details with additional information to link broader web-browsing activity to a specific individual, the FTC added.

“In order to put any questions regarding MySpace’s pre-acquisition advertising practices behind us, MySpace has reached an agreement with the FTC that makes a formal commitment to our community to accurately disclose how their information is used and shared,” Specific Media, MySpace’s parent company, said in a statement.

The settlement that the two sides agreed on bars MySpace from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy assessments for the next 20 years.

No fines were assessed as part of the settlement.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.