Archive for May, 2012

Proposed EU Data Protection Regulation – Draft Calendar

Posted by fgilbert on May 31st, 2012

Jan Philipp Albrecht, rapporteur of the European Parliament for the proposed Data Protection Regulation, has published the following draft calendar for the events and actions point associated with the finalization of the proposed Regulation. The final schedule will be agreed with the other committees involved and will be adapted as the legislation proceeds.

  • 31 May 2012, 11:00-12:00: LIBE Exchange of views (Regulation and Directive)
  • 19/20 June 2012: Presentation of general Working Document (Regulation and Directive)
  • 9/10 July 2012 : Presentation of specific working document on the Regulation (WD 1)
  • September 2012: LIBE Exchange of views (Regulation)
  • October 2012: Presentation of specific working document on the Regulation (WD 2)
  • October/November 2012: LIBE Committee Hearing
  • November 2012: Presentation of the draft report
  • December 2012: Deadline for tabling amendments
  • End January/February 2013: Discussion of Amendments in LIBE Committee
  • February 2013: Discussion with Opinion Committees
  • March/April 2013: Orientation Vote LIBE committee
  • Summer 2013 (?) Trilogue with Council and Commission
  • Early 2014 (?): Vote in plenary session

 

FTC v. Myspace

Posted by fgilbert on May 8th, 2012

On May 8, 2012, Myspace agreed to settle Federal Trade Commission charges that it misrepresented its protection of users’ personal information.

The two majors issues at stake were misrepresentation of privacy practices, and misrepresentation of compliance with Safe Harbor principles.

Misrepresentation of Privacy Practices

Myspace assigns a persistent unique identifier, called a “Friend ID,” to each profile created on Myspace. A user’s profile may publicly display the user’s name, age, gender, picture, hobbies, interests, and lists of users’ friends. 

The Myspace privacy policy promised that it would not share a user’s personally identifiable information, or use such information in a way that was inconsistent with the purpose for which it was submitted, without prior notice to, and consent from, the user. It also promised that the information used to customize ads would not identify users to third parties and would not share non-anonymized browsing activity.

The FTC charged that Myspace provided advertisers with the Friend ID of users who were viewing particular pages on the site. Advertisers could use the Friend ID to locate a user’s Myspace profile and obtain personal information publicly available on the profile. Advertisers also could combine the user’s real name and other personal information with additional information to link broader web-browsing activity to a specific individual.

Misrepresentation of Compliance with Safe Harbor Principles

Myspace certified that it complied with the U.S.-EU Safe Harbor principles, which include a requirement that consumers be given notice of how their information will be used and the choice to opt out.

The FTC alleged that the way in which Myspace handled personal information was inconsistent with its representations of compliance with the Safe Harbor principles.

Proposed Settlement

The proposed settlement order would:

  • Bar Myspace from misrepresenting the extent to which it 
protects the privacy of users’ personal information
  • Bar Myspace from misrepresenting the extent to which it belongs to or complies with any privacy, security or other compliance program, including the U.S.-EU Safe Harbor Framework.
  • Require Myspace to establish a comprehensive privacy program designed to protect consumers’ information;
  • Require Myspace to obtain biennial assessments of its privacy program by independent, third party auditors for 20 years.
  • Expose Myspace to a civil penalty of up to $16,000 for each future violation, if any, of the consent order.

The proposed settlement is open for comments; it will be finalized and will become effective after the end of the comment period.

 

Posted in FTC