As part of a deal with regulators, Twitter has agreed to pay $150 million to resolve charges that the social media platform misrepresented the security and privacy of user data for several years.
The Federal Trade Commission (FTC) and the Department of Justice said that Twitter asked users for personal information to secure their accounts between May 2013 and September 2019 but then used that information to target users with advertisements.
This Is Not the First Violation of Twitter of the FTC Act
In a blog published by the FTC on May 25, the federal agency filed a complaint against the social media giant in 2010. In that scenario, Twitter informed users that they had control over who could see their tweets and that recipients could only see their private messages.
However, the FTC claims that Twitter lacked adequate controls to ensure users' preferences were respected. In other words, Twitter did not care.
Multiple instances were detailed in the 2010 complaint in which Twitter's actions — or inactions — resulted in illegal access to users' personal information.
To resolve the lawsuit, Twitter consented to a final ruling in 2011 that would impose significant financial penalties if it misrepresented the extent to which it maintains and protects any nonpublic consumer information's security, privacy, secrecy, or integrity. The order barred misrepresentations about how Twitter manages user information such as email addresses and phone numbers, TechCrunch reported.
$150 Million Twitter Settlement for the Alleged Privacy Breach
Twitter first informed investors in August 2020 that it was under investigation by the FTC and could face a fine of more than a hundred million dollars for breaking the FTC Act and its 2011 settlement.
The complaint specifically said, "Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences."
Read More: At Least 35 of the 75 Popular Websites Tested Found To Be Vulnerable To Account Pre-Hijacking
The FTC Adds New Orders Aimed To Protect Consumers
The new order adds extra safeguards to protect customers in the future, in addition to imposing a $150 million civil penalty for violating the 2011 order:
- Twitter is not allowed to display advertising using the phone numbers and email addresses it illegally acquired.
- Users must be informed about Twitter's improper use of phone numbers and email addresses, the FTC's legal action, and how to turn off tailored ads and review their multi-factor authentication settings.
- Twitter should offer multi-factor authentication methods that do not need users to submit their phone numbers.
- Twitter must implement an enhanced privacy program and a beefed-up information security program that includes multiple new provisions outlined in the order, obtain privacy and security assessments from an independent third party that the FTC has approved, and report privacy or security incidents to the FTC within 30 days.
Related Article: Twitter Has Released a New Web Game To Help People Understand Its Privacy Policies
