After law enforcement officials accused Twitter of illegally utilizing users’ data to help sell targeted adverts, the company was fined $150 million (£119 million) in the United States.
According to court records, the Federal Trade Commission (FTC) and the Department of Justice claim that Twitter broke a contract with regulators.
Twitter has previously said that it would not provide advertisers with personal information such as phone numbers and email addresses.
According to federal authorities, the social media business violated the rules.
In December 2020, Twitter was fined £400,000 for violating the GDPR data privacy standards in Europe.
The Federal Trade Commission (FTC) is an independent US government organization tasked with enforcing antitrust laws and promoting consumer protection.
The BBC is not responsible for the content of external sites. View the original tweet on Twitter.
Advertising on Twitter’s platform, which lets users ranging from consumers to celebrities to companies publish 280-character messages or tweets, produces the majority of the company’s revenue.
Twitter began requesting users for a phone number or email address in 2013 to strengthen account security, according to a lawsuit filed by the Department of Justice on behalf of the FTC.
“As the complaint states, Twitter gathered data from users under the guise of using it for security purposes, but subsequently used the data to target users with advertisements,” said FTC chair Lina Khan.
“This behaviour impacted over 140 million Twitter users while also increasing Twitter’s principal revenue.”
Authentication violation
“Once again, Twitter is breaking the confidence that its users have in their platform by using their private information to their own advantage and growing their own income,” Ian Reynolds, managing director of computer security firm Secure Team, told the BBC.
“Twitter misled their consumers into a false feeling of security by gathering their data under the idea of security and account protection, but eventually ended up exploiting the data to target their users with adverts,” he continued.
“This reality demonstrates the power that corporations still wield over your data, and that there is still a long way to go before people can feel confident in their ability to fully control their digital footprint.”
Twitter needs users to submit a phone number and an email address in order to verify their accounts.
People may use this information to reset their passwords and unlock their accounts if necessary, as well as enable two-factor authentication.
Two-factor authentication adds an extra layer of protection by sending a code to a phone number or email address in addition to a username and password to allow users to connect to Twitter.
According to the FTC, Twitter was also utilizing the information to improve its advertising business until at least September 2019.
Advertisers are accused of having access to users’ security information.
In addition to the fine, Twitter must also:
- stop using the phone numbers and email addresses it illegally collected
- notify users about its improper use of security information
- tell users about the FTC law enforcement action
- explain how to turn off personalized adverts and review multi-factor authentication settings
- provide multi-factor authentication options that do not need a phone number
- implement an enhanced privacy and security program which includes reporting incidents to the FTC within 30 days
Vanita Gupta, the US assistant attorney general, stated, “The Department of Justice is dedicated to preserving the privacy of customers’ sensitive data.”
“The proposed settlement’s $150 million penalty reflects the severity of the claims against Twitter, and the significant additional compliance requirements that will be imposed as a result of the proposed deal will help prevent similar deceptive techniques that endanger users’ privacy.”
