FTC, MySpace, and your PII

The FTC announced on May 8, 2012 that the social networking service MySpace has agreed to settle FTC charges that it misrepresented its protection of users’ PII (personally identifiable information).  Here is what the FTC alleges was going on: In order for MySpace users to create customized personal online profiles, they had to register.  To register, they had to give their full name, email address, birth date, and gender.  They could also add pictures, relationship status, hobbies, and other information.  MySpace assigned a unique identifier, called a Friend ID, to each profile created.  MySpace’s default settings made user’s full names publicly available through the Friend ID.  What users didn’t realize was that they had to override the default if they wanted to hide that information.

MySpace’s privacy policy stated that they wouldn’t share a user’s PII or use it in a way that was inconsistent with the purpose for which it was submitted without first giving notice to users and receiving their permission to do so.  Furthermore, the privacy policy also promised that any web browsing activity shared with advertisers would be anonymized.  Those claims were false and deceptive, the FTC complaint alleges.

MySpace has agreed to change its practices to protect users’ privacy in the future.  Part I of the proposed order prohibits MySpace from misrepresenting the privacy and confidentiality of any “covered information” which includes first and last name, home or other physical address, email address, mobile or other phone numbers, photos and videos, IP address, User ID, device ID, list of contacts, or physical location.  Part II of the order requires MySpace to implement a comprehensive privacy program designed to address privacy risks in existing as well as new products.  Part III requires MySpace to have its privacy program evaluated every other year for the next 20 years by a qualified, objective, independent professional.

NOTE: The FTC complaint is not a finding or ruling that the respondent has actually violated the law.  A consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated.

For more information you can trust, visit evansville.bbb.org.

Related Posts:

Social Networking Safety Tips

NCPW-Control Your Data Online

Breaking Down Privacy Online Advertising

Are Your Privacy Settings Exposing You or Your Teen to Unnecessary Risk?

Google’s New Privacy Policy- What You Need to Know

MySpace Settles FTC Charges That It Misled Millions of Users About Sharing Personal Information with Advertisers

Written by

Jackie is the Operations and Education Foundation Assistant with the BBB. She assists consumers with business inquiries, and does presentations to senior groups and high school students. She is a regular contributor to the blog.

No Comments Yet.

Leave a Reply

*