(CelebrityAccess) — Social media giant Twitter is facing a $150 million dollar fine from the Department of Justice and the Federal Trade Commission to settle allegations that it misused user’s private data to sell advertising.
In a complaint filed in the U.S. District Court for the Northern District of California on Wednesday, attorneys for the government alleged that Twitter violated the FTC Act and a 2011 order when they used data customers had provided for account security such as email addresses and phone numbers to deliver targeted advertising.
The misuse of customer data took place for at least six years, from 2013 to 2019, during which time Twitter failed to properly disclose to its users how their data was being used, government prosecutors alleged.
Under the terms of the proposed settlement, Twitter would also be required to pay civil penalties of $150 million and develop a “comprehensive” set of new rules governing the use of personal information and record keeping.
The changes to Twitter’s privacy practices include the implementation of a privacy review system for new customer-data facing features prior to their implementation and regular testing of Twitter’s data privacy safeguards, including by independent auditors.
Twitter also faces new reporting requirements, including providing reports on data privacy incidents that affect 250 or more users. According to the joint statement, both the DOJ and the FTC will take a role in monitoring Twitter’s compliance.
Under the settlement, which must be approved by a federal court, Twitter did not admit wrongdoing. Nor did a joint statement from the federal agencies mention a consent decree which the government has imposed in the past to encourage ongoing compliance, such as with Live Nation’s 2010 merger with Ticketmaster.
“The Department of Justice is committed to protecting the privacy of consumers’ sensitive data,” said Associate Attorney General Vanita Gupta. “The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.”
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina M. Khan. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” said U.S. Attorney Stephanie M. Hinds for the Northern District of California. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”
Following the release of the joint statement from the Department of Justice and the Federal Trade Communication, Twitter’s Chief Privacy Officer Damien Kieran shared a statement from the company.
“On May 25, 2022, Twitter reached a settlement with the Federal Trade Commission (FTC) regarding a privacy incident disclosed in 2019 when some email addresses and phone numbers provided for account security purposes may have been inadvertently used for advertising. This issue was addressed as of September 17, 2019, and today we want to reiterate the work we’ll continue to do to protect the privacy and security of the people who use Twitter.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way. In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected.
“Twitter’s commitment to security and privacy is not a point-in-time exercise for us but a core value we constantly enhance by updating our practices to meet the evolving needs of our customers. The recently announced Data Governance Committee is an embodiment of our dedication to strengthen the implementation of our privacy and security policies and standards, as well as to expand our internal privacy and security review processes during the product development life cycle.
“Moving forward, we will continue to make investments in this work, including building and evolving processes, implementing technical measures, and conducting regular auditing and reporting to ensure we are mitigating risk at every level and function at Twitter. We will also continue to partner with the FTC, and our security and privacy regulators around the world, on our shared mission of building useful products and services that meet our customers’ needs while keeping the information they share with us secure and respectful of their privacy.”