The Federal Trade Commission announced a settlement with Myspace over disclosure of Myspace users' personal information.  The FTC alleged that despite the promises contained in its privacy policy, Myspace provided advertisers with the unique identifier of Myspace users who were viewing particular pages on the social networking site.  Advertisers could use the unique identifier to locate a user's Myspace profile to obtain personal information publicly available on the profile and, in most instances, the user's full name.  According to the FTC, advertisers also could combine the user's real name and other personal information with additional information to link broader web-browsing activity to a specific individual.  The FTC claimed that these practices violated Myspace's privacy policy. 

The agency also claimed that Myspace certified that it was complying with the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.  As part of its self-certification, Myspace claimed that it complied with the Safe Harbor Principles, including the requirements that consumers be given notice of how their information will be used and the choice to opt out.  The FTC alleged that these statements were false.

Under the proposed settlement, Myspace is required to establish a comprehensive privacy program designed to protect consumers' information, and to obtain biennial assessments of its privacy program by independent, third-party auditors for 20 years.