Twitter to Pay $200 Million Penalty for ‘Taking Shortcuts with User Privacy’

Twitter to Pay $200 Million Penalty for ‘Taking Shortcuts with User Privacy’
Image: Twitter

Twitter has been ordered to pay a multimillion-dollar penalty by U.S. authorities for taking shortcuts with privacy. The United States Federal Trade Commission (FTC) said Twitter collected users’ information for one purpose (to secure accounts) and used it for another (targeted advertising).

According to the complaint, filed by the U.S. Department of Justice on the FTC’s behalf, starting in around 2013, Twitter told people it was collecting users’ telephone numbers and email addresses for various security purposes – like enabling multi-factor authentication, to reset passwords, unlock accounts, etc. It also states that from 2014 to 2019, more than 140 million Twitter users provided their phone numbers or email addresses after the company told them this information would help secure their accounts.

Twitter, however, failed to mention that it also would be used for targeted advertising, the FTC alleged.

“Twitter used the phone numbers and email addresses to allow advertisers to target specific ads to specific consumers by matching the information with data they already had or obtained from data brokers,” according to the FTC complaint.

Twitter’s deception, the FTC said, violates a 2011 FTC order that explicitly prohibited the company from misrepresenting its privacy and security practices. Under the proposed order, Twitter must pay a $US150 million penalty (which converts to roughly $212 million) and is banned from profiting from its deceptively collected data.

“Today’s settlement means Twitter must put into place a comprehensive privacy and data security program to protect users’ data,” the FTC said.

The FTC said Twitter must also disclose why and how it collects, shares and uses your personal information and offer a multi-factor authentication option that doesn’t require you to give a phone number. Multi-factor authentication, if you’re unfamiliar, is a security feature that requires additional steps beyond just logging in with a password.

“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” said U.S. Attorney Stephanie M. Hinds for the Northern District of California. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”