FTC imposes 20 years of audits on Myspace

The Myspace social network has agreed to regular, independent privacy audits for the next 20 years as required by a settlement with the US Federal Trade Commission (FTC). The FTC found that the company’s  privacy policy was misleading.  Myspace was also charged with non-compliance with the Safe Harbor framework with regard to notice requirements and opt out.

Myspace users were issued a unique "Friend ID" after submitting personal data. Myspace's privacy policy stated that the site would not share personal  information, or would seek individuals’ consent to do so.  However, Myspace provided advertisers with the Friend ID of users who were viewing particular pages on the site. Advertisers could, with the help of the Friend ID, locate users’ Myspace profile to obtain personal information available on their profile.

The FTC requires Myspace to establish a comprehensive privacy programme and organise audits every two years for the next 20 years by independent, third-party auditors. The  FTC has previously imposed similar requirements on Facebook and Google.

The settlement was published on 8 May 2012.