The Department of Justice (DOJ) and the Federal Trade Commission (FTC) have agreed to pay Twitter $150 million to resolve a privacy dispute (FTC). The agreement, which was announced today, resolves an allegation that Twitter exploited members’ email addresses and phone numbers for targeted advertising without their consent. Twitter must also accept audits of its data privacy programme, among other restrictions, in addition to the fine.
According to the legal filing, between 2013 and 2019, Twitter misrepresented its policies to users, in violation of both the FTC Act and an order from a previous settlement in 2011. Users were prompted to add a phone number or email address in order to enable security features such as two-factor authentication.
In actuality, Twitter included such data into its ad targeting data as well. It apologised for the conduct in 2019, stating the addresses and phone numbers were “inadvertently” routed into its ad system. According to the complaint, Twitter falsely claimed to comply with the European Union-US and Swiss-US Privacy Shield Frameworks throughout that time, which limited how companies may repurpose user data.
In a statement, Associate Attorney General Vanita Gupta said, “The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.” In 2019, the Federal Trade Commission (FTC) fined Facebook $5 billion for a similar behaviour and other privacy violations.
Twitter will be required to maintain a “comprehensive” privacy and information security programme, as well as conduct frequent testing and audits of its safeguards, under the new compliance standards. After a federal court approves the settlement, it must notify anybody who joined Twitter before September 2019.
In a blog post and a tweet thread, Twitter’s chief privacy officer Damien Kieran recognised the payment. Kieran tweeted, “Our settlement with the FTC reflects Twitter’s pre-existing commitments and investments in security and privacy.” “We will continue to partner with our regulators to make sure they understand how security and privacy practices at Twitter are always evolving for the better.”