The Federal Trade Commission (FTC) of the United States has fined Twitter $150 million. The social network firm was accused of targeting adverts based on its customers’ personal information, which it stated would be used to secure their accounts.
This isn’t the first time the FTC has been accused of breaking the law, which gives the agency the authority to “prevent unfair or deceptive actions or practices in or affecting commerce,” among other things. In 2011, Twitter reached a settlement with the Federal Trade Commission (FTC), which had accused the company of major data security flaws that allowed hackers to gain unauthorized administrative control of the platform.
The decision forbade misrepresentations about how Twitter manages user information such as email addresses and phone numbers.
The just-announced $150 million civil penalty stems from a new complaint filed by the Department of Justice on behalf of the FTC, alleging that Twitter violated the order in the earlier case by collecting customers’ personal information for the stated purpose of security and then exploiting it commercially.
- The FTC in a statement announcing the fine, said: “Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint, which was filed by the DOJ on behalf of the FTC.”
- The complaint said users provided email addresses or telephone numbers based on Twitter’s “deceptive statements” that such information would be used for account security, like two-step authorizations.
- “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” the FTC added.
In addition to imposing a $150 million civil penalty for violating the 2011 order, the new order adds more provisions to protect consumers in the future:
- Twitter is prohibited from using the phone numbers and email addresses it illegally collected to serve ads.
- Twitter must notify users about its improper use of phone numbers and email addresses, tell them about the FTC law enforcement action, and explain how they can turn off personalized ads and review their multi-factor authentication settings.
- Twitter must provide multi-factor authentication options that don’t require people to provide a phone number.
- Twitter must implement an enhanced privacy program and a beefed-up information security program that includes multiple new provisions spelled out in the order, get privacy and security assessments by an independent third-party approved by the FTC, and report privacy or security incidents to the FTC within 30 days.