This week, social media platform Twitter agreed to pay $150 million in fines after the U.S. government had sued the company, alleging that it misled consumers about how it protects their personal data. According to the federal lawsuit, the micro-blog service had failed to tell its users for years that it used their contact information to help marketers target their advertising. That was in violation of a 2011 privacy settlement with the Federal Trade Commission.
“This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” FTC Chair Lina Khan said in a statement.
The FTC and the Department of Justice (DoJ) claimed that Twitter told its users that it was collecting their telephone numbers and email addresses for account-security purposes, yet had failed to disclose that it also would use that information to help companies send targeted advertisements to consumers.
“The Department of Justice is committed to protecting the privacy of consumers’ sensitive data,” said Associate Attorney General Vanita Gupta, also in a statement on Wednesday. “The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.”
Twitter agreed to settle the government’s allegations by paying the $150 million civil penalty. It also agreed to implement significant new compliance measures that are intended to ensure that the platform improves its data privacy practices.
Among those measures, Twitter will be required to develop and maintain a comprehensive privacy and information-security program, conduct a privacy review with a written report prior to implementing any new product or service that collects users’ private information, and conduct regular testing of its data privacy safeguards, the DoJ explained.
In addition, Twitter will be required to obtain regular assessments of its data privacy program from an independent assessor, provide annual certifications of compliance from a senior officer, provide reports after any data privacy incidents affecting 250 or more users, and comply with numerous other reporting and record-keeping requirements. The settlement will further require the social media platform to notify all of its U.S. customers who joined Twitter before Sept. 17, 2019, about the settlement and to provide users with options for protecting their privacy and security. Under the settlement terms, the DoJ and FTC will each maintain responsibility for monitoring and enforcing Twitter’s compliance.
This fine is as much a warning to other social media platforms, explained Paul Bischoff, Internet privacy advocate with Comparitech.
“In 2019, Twitter admitted to using users’ phone numbers, which were submitted in order to enable two-step verification, for advertising purposes. This violated both EU and U.S. laws. Now we’re finally seeing the outcome,” Bischoff said in an email.
“The most important thing to remember about the FTC’s $150 million fine is that it is based on a ruling and order the Commission made in 2011,” added technology analyst Charles King of Pund-IT.
“Twitter agreed to abide by that decision by promising not to commercially exploit users’ private information, then broke its promise beginning in 2013 by selling users’ private email addresses and phone numbers to advertisers,” King noted. “In other words, the FTC found that Twitter had abused its position with users/consumers and warned the company that future such behavior would result in large penalties. Twitter said it understood and agreed, then bought a rope and ladder and went looking for a tree with a stout branch.”
The wheels of justice were also apparently slow moving.
“What’s interesting is that despite an admission of guilt, it took nearly three years for the FTC and DoJ to reach a settlement, no criminal charges were filed, and no court precedent was set,” added Bischoff. “I would like to see more accountability for billion-dollar corporations.”