Twitter Inc. settled a lawsuit today with the Department of Justice and Federal Trade Commission, paying a fine that set the social media giant back $150 million.
The lawsuit claims that Twitter acted deceptively between 2013 and 2019 when it used users’ phone numbers and emails as a means to target advertising. The information should have been used to authenticate accounts.
The lawsuit says Twitter users believed the information given was for such security purposes, but it was instead sold to advertisers. That breached an order set by the FTC in 2011 related to privacy and security practices.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina M. Khan. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The DOJ said the amount Twitter will pay reflects the seriousness of the transgression, and now there are “substantial new compliance measures” to which Twitter will have to adhere. The company has to allow audits of its data privacy program, combined with other restrictions, which Twitter will handle under its new Data Governance Committee.
“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” said U.S. Attorney Stephanie M. Hinds for the Northern District of California. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”
Twitter Chief Privacy Officer Damien Kieran said the settlement is an acknowledgment of the company’s newfound commitment to security and privacy, adding that it will work closely with regulators from now on. Sill, the fine is small change compared with the $5 billion Facebook Inc. paid in 2019 after the Cambridge Analytica scandal, which among other transgressions included Facebook selling user phone numbers to advertisers that were supposed to be for security purposes.
Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, told SiliconANGLE that the relatively small size of the fine shouldn’t be seen as just a slap on the wrist.
“This settlement is an unambiguous and expressive message that the FTC has been and will continue regulating privacy in the U.S. amid the fragmented state privacy legislation and missing federal privacy law,” he said. “It will be interesting to see whether privacy-sensitive European regulators, pursuing their harsh enforcement policy, will commence a new probe on Twitter over the possibly previously unknown facts exposed by this settlement. In the EU, the fine may be significantly higher.”
This has been a tumultuous time for Twitter, with Elon Musk’s proposed $44 billion acquisition taking many turns. Just today, Twitter founder Jack Dorsey said he’s stepping down from the board, while stating that the sometimes controversial Musk and his promise of more free speech on the platform is a step in the right direction. “This is the right path,” said Dorsey. “I believe it with all my heart.”