• by Wendy Davis , Staff Writer @wendyndavis, September 12, 2012

The Federal Trade Commission and Myspace have finalized the settlement of a privacy complaint alleging that the social network passed along users' names to advertisers via referrer headers.

The agreement prohibits Myspace from misrepresenting its privacy policy in the future. The deal also requires Myspace to implement a comprehensive privacy policy, and to agree to audits for 20 years. The company -- which was the most popular U.S. social networking service before being eclipsed by Facebook and LinkedIn -- was purchased last year by the ad network Specific Media.

Myspace, like many Web companies, allegedly "leaked" information about users by including data about them in referrer headers -- the HTTP header information that is automatically sent by publishers to ad networks. In Myspace's case, the company transmitted users' age, gender and "FriendID" to ad networks via referrer headers, according to the FTC. Advertisers were then able to use the FriendID to access users' profile information, which included the full names of around 84% of Myspace users, the FTC alleged.

The commission said that Myspace's transmission of FriendID constituted a deceptive business practice because the company promised in its privacy policy not to share  "personally identifiable information" with outside companies.

The terms agreed to by Myspace aren't as stringent as the ones that Facebook recently accepted in a separate privacy complaint brought by the FTC. In that case, Facebook promised to obtain users' express consent before sharing their information more broadly than its privacy policy allowed when users uploaded their data.

That settlement stemmed from accusations by the FTC that Facebook repeatedly shared users' data more broadly than they authorized. The best-known example probably occurred in December of 2009, when Facebook reclassified a host of data about users as “public” -- including people's names, photos and friend lists. But the company also was accused of sharing some users' names with advertisers via referrer headers.

The advocacy group Electronic Privacy Information Center asked the FTC also to require Myspace to promise that it will seek users' opt-in consent before sharing information about them to a greater extent than in the past. But the FTC rejected that request because the charges against Myspace weren't as broad as the allegations against Facebook. "The complaint against Myspace does not include allegations that the company materially exceeded the privacy settings of users through a retroactive change to a privacy policy, as the Facebook case did," the FTC said in a letter to EPIC.