Twitter is set to pay $150 million to settle a privacy lawsuit brought by the Federal Trade Commission (FTC) and Justice Department.
The settlement, made public Wednesday, concerns allegations that the platform improperly collected user data between 2014 and 2019. The settlement requires a court approval before being finalized.
According to the complaint, Twitter asked users for phone numbers and email addresses to secure their accounts and then let advertisers use that information to target ads.
The platform misrepresented what the information was being collected to do, per the complaint, allegedly violating a previous settlement from 2011 and the FTC Act.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chairwoman Lina Khan said in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
Twitter apologized in 2019 for using information collected for security purposes for advertising, saying the data had “inadvertently” been moved into ad targeting information.
Damien Kieran, the platform’s chief privacy officer, acknowledged Wednesday that personal information “may have been inadvertently used for advertising.”
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” he added in a blog post.
The complaint made public Wednesday alleges that Twitter was also falsely saying it complied with the U.S.-European Union and U.S.-Swiss Privacy Shield Frameworks, which had rules about repurposing user data.
In addition to the fine, Twitter would be required to maintain a “comprehensive” privacy and information security program, notify users whose information was misused, limit employee access to personal data and offer multifactor authentication options that don’t require phone numbers.
Author: Chris Mills Rodrigo