Each Myspace user is assigned a unique and persistent numerical identifier, known as a “Friend ID,” which is closely tied to user accounts and associated personal information such as names and email addresses. In two periods between 2009 and 2011, Myspace shared Friend IDs with unaffiliated advertisers, allowing trivial identification of individual users’ names and web pages for users associated with those Friend IDs.
The FTC alleged that the sharing of Friend IDs misled users in violation of § 5(a) of the FTC Act. In the resulting consent order, Myspace agreed to the following:
- a prohibition on future misrepresentations,
- the establishment of a comprehensive privacy program,
- independent assessments of its privacy programs for 20 years, and
- reporting and compliance provisions.
While directed at Myspace, the FTC’s consent order should put mobile app developers and advertising networks on notice as they develop advertising programs that leverage unique user identifiers. Due primarily to privacy concerns, Apple recently began phasing out the use of unique UDIDs that allowed developers to individually identify a phone and track usage and user behavior for advertising purposes.
This change threatens advertising-supported apps because targeted ads are more valuable to advertisers and therefore generate more revenue for developers. App developers and advertising networks are attempting to develop a replacement identifier to persistently track users across applications, but as of yet no method has proven as reliable and consistent as the UDID.