FTC and DOJ Order Twitter to Pay $150 Million Penalty

Everyone has gone through the setup for a Twitter account, the need to input either a phone or email to start the account creation process. However, according to the FTC, the intention of Twitter wasn’t in order to amplify the privacy of their users, but instead for profit. This defies an order Twitter received that “explicitly prohibited the company from misrepresenting its privacy and security practices,” and now due to the violation, the FTC and DOJ have ordered Twitter to pay a $150 million penalty.

“From 2014 to 2019, more than 140 million Twitter users provided their phone numbers or email addresses after the company told them this information would help secure their accounts, according to the complaint. Twitter, however, failed to mention that it also would be used for targeted advertising, the FTC alleged. Twitter used the phone numbers and email addresses to allow advertisers to target specific ads to specific consumers by matching the information with data they already had or obtained from data brokers, according to the FTC complaint.”

Along with misleading consumers, the FTC also added that Twitter could be held liable for putting the privacy of their consumers at risk due to their lack of priority in safeguarding information. These factors allegedly were causes for 2 data breaches the platform went through. Following the $150 Million penalty, the FTC has added further proposed guidelines for the social media platform with the end goal of educating Twitter consumers:

1. prohibit Twitter from profiting from deceptively collected data;

2. allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers;

3. notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about Twitter’s privacy and security controls;

4. implement and maintain a comprehensive privacy and information security program that requires the company, among other things, to examine and address the potential privacy and security risks of new products;

5. limit employee access to users’ personal data; and

6. notify the FTC if the company experiences a data breach.

How Twitter plans to respond is still up in the air, but many have shifted their attention to Elon Musk, as they wait to see how he handles his platform’s first situation.