Twitter agrees to a $150 million settlement with the Department of Justice and the Federal Trade Com

Twitter and the Department of Justice (DOJ) and Federal Trade Commission (FTC) reached a $150 million settlement on Wednesday for violating a 2011 administrative order by "misrepresenting" how it used nonpublic user information.

From May 2013 to September 2019, Twitter violated the FTC Act by misrepresenting the "“controls it implemented to keep user accounts secure" after prompting users for phone numbers and emails for two-factor authentication, according to a complaint filed in the United States District Court for the Northern District of California. The company, in turn, is accused of using the information for targeted advertising without permission.

According to a DOJ press release, the complaint also alleges that Twitter falsely claimed to comply with then-current Privacy Shield regulations, which prohibited companies from "processing user information in ways that are not compatible with the purposes authorized by users."

Twitter agreed to pay a civil penalty of $150 million and to implement significant new compliance measures to improve its data privacy practices.

In a press release, FTC Chair Lina Khan said, "As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue." 

The settlement requires Twitter to:

- Develop and maintain a comprehensive privacy and information security program;

- Conduct a privacy review prior to implementing any new product or service that collects users’ private information;

- Conduct regular testing of its data privacy safeguards;

- Obtain regular assessments of its data privacy program from an independent party;

- Provide annual certifications of compliance from a senior officer;

- Provide reports after any data privacy incidents affecting 250 or more users;

- Notify all U.S. customers who joined Twitter before Sept. 17, 2019, about the settlement; and

- Provide users with options for protecting their privacy and security.

Twitter apologized for the alleged misconduct in a Help Center post.

"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error, and we apologize," the company stated.

Twitter Chief Privacy Officer Damien Kieran wrote that the company will be "conducting regular auditing and reporting to ensure we are mitigating risk at every level and function at Twitter" in the future, in addition to offering a data protection inquiry form for questions about data privacy on the platform.


11 views0 comments