Twitter to pay 150 Mn USD to FTC to settle a privacy breach

FTC charged Twitter for deceptively using data garnered from two-factor authentication to sell targeted ads to advertisers, and imposed a penalty of 150 Mn USD for "violating 2011 FTC Order and cease profiting from deceptively collected data".

The FTC (Federal Trade Commission) states that Twitter asked for user data such as phone numbers and email addresses to protect their accounts and then profited off the data by using it for targeted advertising. The issue was first brought to light in 2019 and was addressed as of September 17, 2019.

FTC Chair Lina M. Khan states, "As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue".

Along with the 150 Mn USD penalty, other provisions of the proposed order would:

• Prohibit Twitter from profiting from deceptively collected data
• Allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers
• Notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about Twitter’s privacy and security controls

Also Read: Twitter Co-Founder Jack Dorsey steps down from Board

• Implement and maintain comprehensive privacy and information security program that requires the company, among other things, to examine and address the potential privacy and security risks of new products
• Limit employee access to users’ personal data
• Notify the FTC if the company experiences a data breach

US Attorney Stephanie M. Hinds for the Northern District of California mentioned, "Social media companies that are not honest with consumers about how their personal information is being used will be held accountable".

Twitter mentions they have paid the settlement amount and aligned with the agency on operational updates and program enhancements. The platform also mentions it would be implementing technical measures, and conducting regular auditing and reporting to ensure mitigation of risk and function at Twitter. The company would also be partnering with FTC and privacy regulators while building products and services.