Twitter agrees to pay millions in fines after US government alleges privacy breaches

According to the federal lawsuit, Twitter failed to tell its users for years that it used their contact information to help marketers target their ads — in violation of a 2011 privacy settlement with the Federal Trade Commission.

“This practice has affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” FTC Chair Lina Khan said in a statement.

Twitter said Wednesday that the use of personal information for ads was “unintentional,” and that the incident was first disclosed in 2019.

“This issue has been addressed as of September 17, 2019, and today we would like to reiterate the work we will continue to do to protect the privacy and security of people who use Twitter,” said Damien Keran, Twitter’s chief privacy officer, Wrote in a blog post. “Maintaining data security and respecting privacy is something we take very seriously, and we have cooperated with the FTC every step of the way. To reach this settlement, we paid a $150 million fine, and agreed with the agency to run updates and program improvements to ensure people’s personal data remains secure. and protect their privacy.”
The lawsuit, filed Wednesday by the Federal Trade Commission and the Department of Justice in the US District Court for the Northern District of California, represents Twitter’s latest headache amid a turbulent acquisition by billionaire Elon Musk and a staff shift at the company that has led to several senior employee departures.

In the case of the alleged misconduct, Twitter only told users that their phone numbers and email addresses are being used for account security purposes, but failed to mention the ads, according to a copy of the complaint seen by CNN.

“From at least May 2013 until at least September 2019, Twitter misrepresented users of its online communication service to what extent it has kept their non-public contact information safe and private,” the complaint reads.

The complaint also alleges that Twitter’s behavior violated the terms of the 2011 settlement arising from two hacking incidents where the attackers had administrative privileges on the platform. Under the settlement, Twitter is prohibited from misleading the public about how it protects consumer data. Violations of the agreement can result in fines.

“Twitter’s misrepresentations violate the FTC Act and a 2011 order, which specifically prohibits the company from providing misrepresentations regarding the security of non-public consumer information,” the complaint said.

In addition to the $150 million fine, a proposed new agreement between Twitter and the FTC to settle allegations on Wednesday also prevents the company from making profits from what the FTC described as “deceptively aggregated data” and allowing user authentication methods other than phone numbers. , such as multi-factor authentication applications. The Company will also be required to inform users of its failure to disclose its alleged practice of using contact information for advertising purposes.

Wednesday’s settlement has yet to be approved by the court.

Leave a Comment