![[some] blog logo](/wp-content/themes/haynesboone2012/images/some_header.jpg "Blogs of Haynes and Boone, LLP")
MySpace, Just the Latest Social Media Company to Settle with FTC Over Allegedly Misleading Privacy Policy
The average MySpace user might be forgiven for not knowing every nuance of MySpace’s approximately 2,500-word-long privacy policy. However, the privacy policy’s author—MySpace itself—enjoys no such leniency. MySpace is the latest Web 2.0 company that was dinged for, according to the Federal Trade Commission (“FTC”), not following its own user privacy rules.
The Federal Trade Commission Act empowers the FTC to prevent “unfair or deceptive acts or practices in or affecting commerce.”
According to an FTC complaint, MySpace provided third-party advertisers with its users’ “Friend IDs”: unique identifiers which advertisers could then use to discover a trove of personal information, including, in most cases, the users’ full names. The problem, according to the FTC, was that MySpace had promised its users that advertisers would not have access to that type of personally identifiable information (“PII”).
In particular, the FTC pointed to MySpace’s own privacy policy, which stated that “except as described in this Privacy Policy, MySpace will get your permission before we use the PII you provide to us in a way that is inconsistent with the purpose for which it was submitted or share your PII with third parties that are not affiliated with MySpace.” In addition, the FTC noted that the privacy policy provided that MySpace’s customized advertisement feature “does not provide your PII or identify you as an individual to third parties.”
On May 8, 2012, a proposed settlement between MySpace and the FTC was announced. The proposed settlement orders MySpace to adopt a comprehensive privacy policy and to refrain from misrepresenting the extent to which MySpace protects its users’ information. Perhaps most onerously, MySpace is required to submit to independent privacy audits every two years—for the next two decades.
MySpace’s run-in with the FTC is hardly unprecedented. Indeed, the FTC has made clear that it is open season on companies that violate their own privacy policies. In 2011, Facebook settled with the FTC, prompting Facebook CEO and Chairman Mark Zuckerberg to admit that Facebook had “made a bunch of mistakes.” As with the MySpace settlement, Facebook agreed to, among other things, not misrepresent its privacy policy and to submit to privacy assessments by independent auditors for twenty years.
Other social media companies that have similarly settled with the FTC in the past two years include Google and Twitter.
With the FTC (not to mention privacy groups and users themselves) watching, companies that deal in personal information must remain vigilant that they are, at a minimum, abiding by their own published privacy policies.
Follow Me