Twitter fined $150 million by FTC for alleged privacy violations
Twitter has agreed to pay $150 million for violating a 2011 administrative order with the U.S. Federal Trade Commission over how it used the email addresses and phone numbers of its users for targeted advertising, the agency announced with the Department of Justice on Wednesday.
In a 20-page complaint filed Wednesday in the U.S. District Court for the Northern District of California, the DoJ alleged that from May 2013 to September 2019, Twitter asked users for their contact information to make their accounts more secure. The social media giant failed to tell users that it would also use the phone numbers and email addresses to help companies send targeted ads to them, the DoJ alleges.
The 2011 FTC order stated that Twitter "engaged in deceptive acts or practices" by misrepresenting how it handled user data, and that the company lacked reasonable safeguards to keep accounts and data secure. Additionally, the order barred Twitter from misrepresenting "the extent to which [it] maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information."
Twitter decided to settle the complaint by paying the fine and agreeing to a number of compliance measures, such as audits of its privacy program. "In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected," Damien Kieran, the company's chief privacy officer, said in a statement.
The complaint also alleged that Twitter's behavior violated the EU-U.S. Privacy Shield, which regulated the transfer of data between the U.S. and Europe.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," FTC Chair Lina Khan said in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
In 2020, Twitter told shareholders in a regulatory filing that it was aware of the FTC's allegations and expected to take a potential $250 million hit to resolve the matter. The company stopped the contact information collection process in 2019, saying that using the data for advertising purposes was "unintentional."
You can read the full complaint below:
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.