MySpace Settles FTC Charges Related To Sharing User Data With Advertisers

Social network MySpace told users it wouldn’t share personally identifiable information (PII), but then it gave advertisers individual Friend IDs that could be easily connected with user profiles and the information publicly posted there, according to the Federal Trade Commission. The agency says MySpace also incorrectly told users it complied with the U.S.-EU Safe Harbor Framework related to personal data.

The FTC says MySpace misled “millions of users.”

MySpace has agreed to a settlement with the FTC over the charges, which has the company saying it won’t make privacy misrepresentations in the future, implementing a comprehensive privacy program, and arranging for independent privacy assessments every two years for the next 20 years. There was no fine assessed as part of the agreement, nor did MySpace specifically admit fault.

The key lesson here seems to be that social network and publishers need to be very careful with unique user IDs and how they are protected and shared — no matter how far removed they seem from personally identifiable information.

In a post on the FTC Tech Blog, FTC Chief Technologist Ed Felten wrote:

While enabling syncing [associating one pseudonym with another] was one of the issues in this case, it’s important to recognize that syncing of pseudonyms is not always a privacy problem nor a violation of the law.  What made the possible syncing problematic in the case of Myspace was that (1) Myspace enabled ad networks to use Myspace’s Friend ID pseudonym to get personal information about the associated user, and (2) Myspace promised its users that it would not share that personal information with third parties.

If your product syncs pseudonyms or identifiers with third parties, or makes such syncing possible, you might want to ask yourself which information flows, if any, are enabled by the syncing, and whether those information flows are consistent with your privacy obligations.

Biennial Privacy Audits Becoming Standard

MySpace is just the latest social network to get slapped on the wrist by the FTC. Other players in the social space — Facebook, Twitter and Google — have also agreed to multiple years of privacy audits in the last couple of years, making such biennial audits effectively the industry standard.

Facebook had a similar  privacy scandal involving unique user IDs, when it was discovered that various apps were passing unique Facebook IDs to advertising companies.

MySpace is now owned by Specific Media, which acquired it in June of 2011. Specific Media, in a blog post on its site, says the practices the FTC was concerned about are now in the past:

“…one of our first actions after acquiring Myspace was to thoroughly examine the company’s business practices and, where applicable, make improvements. A major focus of this review was to ensure that Myspace delivered advertisements to consumers in a manner that safeguarded their privacy. Applying our expertise in online advertising, we successfully improved upon Myspace’s historical practices, bringing the social media platform to the forefront of industry best practice for ad delivery. “

Privacy Policy Said Ad Targeting Data Wouldn’t Identify Individual Users

The charges stemmed from the FTC’s contention that MySpace promised users, via its privacy policy, that it wouldn’t share their PII or use information in a way that was inconsistent with why it was submitted without giving them notice and obtaining consent. The privacy policy also specifically told users that data used to customize ads wouldn’t individually identify users, nor would it share non-anonymized behavioral data.

But the FTC said MySpace did share Friend IDs, along with their specific browsing data, with advertisers. Those Friend IDs could be directly tied back to users’ public profiles, which often contained their real full names, which could then be tied back — to additional web-browsing activity, in violation of federal law, the FTC said.

The proposed settlement will now be subject to a public comment period, after which commissioners will decide whether to make it final.

Related Topics: Channel: Social Media Marketing | Legal: Privacy | MySpace

Sponsored


About The Author: is executive features editor of Marketing Land and Search Engine Land. She’s a well-respected authority on digital marketing, having reported on, written about and worked in digital media and marketing for more than 10 years. She is a previous managing editor of ClickZ and has worked on the other side of digital publishing, helping independent publishers monetize their sites in her work at Federated Media Publishing.

Connect with the author via: Email | Twitter | Google+ | LinkedIn



Marketing Day:

Get the top marketing stories daily!  

Share

Other ways to share:
 

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. You can read more about our comments policy here.
  • Pat Grady

    No fine?  Future auditing… umm, their future is, imo, in question.  Follows $25k fine recently.  What’s going on?

Get Our News, Everywhere!

Daily Email:

Follow Marketing Land on Twitter @marketingland Like Marketing Land on Facebook Follow Marketing Land on Google+ Subscribe to Our Feed! Join our LinkedIn Group Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Marketing News!

Marketing Day is a once-per-day newsletter update - sign up below and get the news delivered to you!