The Federal Trade Commission finalized a settlement with MySpace over charges that the social networking site violated the privacy of its users.
The transfer of the information constituted a deceptive practice in violation of Section 5 of the FTC Act, according to the agency’s complaint, filed this past May.
MySpace also certified that it complied with the U.S.-EU Safe Harbor Framework (allowing the legal transfer of personal data to the United States from the European Union) and the accompanying Safe Harbor Principles. But the FTC said that MySpace failed to comply, as it did not give its users notice of how their information would be used and the choice to opt out.
Pursuant to the settlement, MySpace is barred from future privacy misrepresentations and must institute a comprehensive privacy program that is subject to biennial assessments by independent third-party auditors for the next 20 years.
Not everyone was happy with the deal, however. During the public comment period prior to final approval of the settlement, the Electronic Privacy Information Center (EPIC) complained the terms did not go far enough. The group argued that the FTC should have emphasized the necessity of privacy safeguards for the site’s data rather than prohibiting MySpace from future deception. Specifically, the settlement should have mandated that MySpace obtain affirmative, opt-in consent, the group argued, similar to the terms of Facebook’s recent privacy settlement with the FTC.
To read the complaint and the settlement agreement in In the Matter of MySpace, click here.
To read EPIC’s comments about the settlement, click here.