MySpace Privacy Shenanigans Earn FTC Finger-Shaking

Social network MySpace settled with the U.S. Federal Trade Commission Tuesday over charges related to how the site was using members’ personal information.

The social network had access to personal data from users, including their full names, ages and genders. MySpace promised users it would not share that information unless it received user consent, but the FTC said the company sometimes gave advertisers so-called Friend IDs that would allow them to view certain MySpace profiles.

Using information found on the profiles, advertisers could take note of users’ interests and hobbies, the FTC claimed. From that information, which the FTC said also included data about personal Web-browsing habits, advertisers could direct highly targeted ads toward those users.

Users were under the impression their information wasn’t going to be used in that manner, the FTC said.

The once-popular social site agreed to a settlement rather than fight the charges. MySpace has agreed to implement a new privacy program that will better protect consumer data, and it is now banned from additional privacy misrepresentation. The site must also undergo privacy assessments every two years for the next 20 years.

Neither the FTC nor MySpace responded to our requests for comment.

Cracking Down on Privacy

MySpace isn’t the only social site to settle with the FTC on privacy matters. Last year, Facebook agreed to similar regulatory check-ins after the FTC claimed that the networking site was misleading consumers as to what information was being kept private.

“It’s not necessarily surprising, since other online companies reached similar settlements with the FTC,” Danielle Coffey, vice president of government affairs at the Telecommunications Industry Association, told the E-Commerce Times.

In both cases, the sites escaped having to pay any fines, even though the FTC said future violations could mean a penalty of up to US$16,000.

“The fact that there was no monetary fine suggests that the FTC did not think MySpace management had intentionally violated its privacy policy,” Jane Winn, professor of law at the University of Washington School of Law, told the E-Commerce Times.

FTC Not the Real Threat

“While being caught by the FTC creates a day or two of bad publicity, the actual consequences are very rarely severe,” Michael Froomkin, professor of law at the University of Miami School of Law, told the E-Commerce Times. “And thus, one must imagine, the deterrent effect must also be somewhat limited.”

For consumers who demand more online privacy, a better route might be to go though channels other than the government to ensure action, said Coffey.

“Both have an impact on corporate responsibility, but the volume of consumer response and dissatisfaction can raise to a level government sanctions may not have the ability to compete with,” said Coffey.

As the number of online transactions increases, as does the sheer amount of personal data online, even the combined power of the consumer and government sanctions can’t be relied upon to fully protect a consumer, though, said Winn.

MySpace could have avoided FTC enforcement efforts by simply telling the truth about what it was doing — the FTC cannot force a business to adopt a privacy policy offering strong privacy protections.

“Market pressure has led to companies like Facebook backing off some of their most privacy-unfriendly policies,” said Winn. “But market pressure doesn’t ever seem to lead to good privacy protection.”