Social networking service Myspace has settled Federal Trade Commission charges that it misrepresented how it protects users' personal information.
The settlement bars Myspace from future privacy misrepresentations, requires it to begin an updated privacy program and calls for regular, independent privacy assessments for the next 20 years.
Myspace has millions of users who create and customize online profiles containing substantial personalized content. Myspace assigns a persistent unique identifier, called a "Friend ID," to each profile created on Myspace.
A user's profile publicly discloses his or her age, gender, profile picture (if the user chooses to include one), display name, and, by default, the user's full name. User profiles also may contain additional information such as pictures, hobbies, interests and lists of users' friends.
In addition, Myspace certified that it complied with the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.
As part of its self-certification, Myspace claimed that it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out. The FTC alleged that these statements were false.
The proposed settlement order bars Myspace from misrepresenting the extent to which it protects the privacy of users' personal information or the extent to which it belongs to or complies with any privacy, security or other compliance program, including the U.S.-EU Safe Harbor Framework.
The order also requires that Myspace establish a comprehensive privacy program designed to protect consumers' information, and to obtain biennial assessments of its privacy program by independent, third-party auditors for 20 years.