Twitter Is Charged $150 Million By FTC To Settle Data Privacy Breach
The Federal Trade Commission charged Twitter $150 million for violating a 2011 FTC order to stop benefiting from deceptively collected data by falsely selling targeted advertising to advertisers using data obtained through two-factor authentication.
"Social media firms who are not honest with customers about how their personal information is being utilized will be held accountable," said US Attorney Stephanie M. Hinds for the Northern District of California.
Twitter requested user data such as phone numbers and email addresses to protect their accounts and then benefited from the data by utilizing it for targeted advertising. The problem was originally raised in 2019 and has been resolved as of September 17, 2019.
According to FTC Chair Lina M. Khan:
"As the complaint acknowledges, Twitter gathered data from users under the guise of using it for security purposes but then ended up using the data to target users with ads. This approach impacted over 140 million Twitter users while also increasing Twitter's principal revenue stream."
In addition to the $150 million penalties, other provisions include:
Twitter should not be allowed to profit from falsely acquired data.
Allow customers to use other multi-factor authentication methods that do not need them to submit their phone numbers, such as mobile authentication apps or security keys.
Notifying users that phone numbers and email addresses acquired for account security were also used to target adverts at them, as well as information about Twitter's privacy and security measures.
Implement and maintain robust privacy and information security programs that require the organization to assess and address any privacy and security concerns associated with new products, among other things.
Employee access to personal data should be limited.
If the company suffers a data breach, notify the FTC.
Twitter said it has paid the penalty and is working with the FCC on operational upgrades and program improvements. To ensure risk reduction and function at Twitter, the platform said it will install technical safeguards and undertake frequent auditing and reporting. While developing products and services, the company will collaborate with the FTC and privacy regulators.