In a piece of recent news, Twitter has paid a $150 million fine to the FTC over its”deceptive” use of user data for targeted advertising. Apparently, Twitter’s deceptive use of user data has stemmed fine in 2019 as well.
Twitter’s Deceptive Use of User Data
Recently, Twitter’s deceptive use of user data has been making the headlines, and has sued the company for a lump-sum amount of fine. The fine stems from the company’s admission in 2019 that it had for years used Twitter users’ phone numbers and email addresses provided for two-factor authentication to also serve targeted ads.
Regarding Twitter’s deceptive use of user data, the company said at the time that its use of the phone numbers for ads was “an error,” and that it wasn’t certain how many users were affected. In a statement, FTC Chair Lina Khan said that more than 140 million users were affected by the practice, which persisted between 2014 and 2019. It was also in violation of a previous agreement Twitter had with the FTC, dating back to 2011, which “prohibited the company from misrepresenting its privacy and security practices.”
Comprehensive Privacy and Information Security
In a statement, Twitter’s Chief Privacy Officer Damien Kieran said the company has “cooperated with the FTC every step of the way. This issue was addressed as of September 17, 2019, and today we want to reiterate the work we’ll continue to do to protect the privacy and security of the people who use Twitter. In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected.”
In addition to the fine, the FTC order stipulates that Twitter notify all users whose phone numbers and emails were originally collected for ‘account security’ that was also used for ads. It also requires Twitter to make two-factor authentication available via methods other than phone numbers, which the company adopted in 2019. Twitter will also create a new ‘comprehensive privacy and information security program’ to review new products for potential privacy and security risks.