The Federal Trade Commission and Twitter have reached a $150 million agreement to settle the social media company’s misuse of private data.
The FTC had accused Twitter of using users’ private data for targeted ads without their knowledge – a practice the regulator said it spans over several years.
“Companies can’t tell consumers they will use their personal information for one purpose and then use it for another… that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their accounts, but then also used it to serve targeted ads for Twitter’s financial benefit. It wasn’t Twitter’s first alleged violation of the FTC Act, but this one will cost the company $150 million in civil penalties,” the complaint, which was filed by the DOJ on behalf of the FTC, said.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The FTC and Department of Justice said that between May 2013 and September 2019, Twitter asked users for personal information to secure their accounts, but then used that information to target users with ads.
But Twitter has been here before. The complaint cited FTC’s 2010 complaint against Twitter, where the microblogging app was accused by the FTC of serious lapses in its data security that allowed hackers to obtain unauthorized administrative control of the platform. In that case, “Twitter told users that they could control who had access to their tweets and that their private messages could be viewed only by recipients.” But according to the FTC, Twitter didn’t have reasonable safeguards to ensure users’ choices were honored.
The case was later settled in 2011 on the agreement to an order that if Twitter further misrepresents “the extent to which it [Twitter] maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information.” The order prohibited misrepresentations around how Twitter maintains information like email addresses and phone numbers collected from users.
Based on this order, Twitter had known that the FTC’s hammer is coming. In August 2020, the company warned investors of FTC’s probe that could potentially end in a fine of more than a hundred million dollars, per TechCrunch.
“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint, which was filed by the Commission said.
The complaint said users provided email addresses or telephone numbers based on Twitter’s “deceptive statements” that such information would be used for account security, like two-step authorizations.
“This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” said FTC Chair Lina Khan in a statement.
In addition to the fine, the FTC outlined other things that Twitter is prohibited to do:
- Twitter is prohibited from using the phone numbers and email addresses it illegally collected to serve ads.
- Twitter must notify users about its improper use of phone numbers and email addresses, tell them about the FTC law enforcement action, and explain how they can turn off personalized ads and review their multi-factor authentication settings.
- Twitter must provide multi-factor authentication options that don’t require people to provide a phone number.
- Twitter must implement an enhanced privacy program and a beefed-up information security program that includes multiple new provisions spelled out in the order, get privacy and security assessments by an independent third party approved by the FTC, and report privacy or security incidents to the FTC within 30 days.