FTC fined Twitter $150M for using peoples’ information for advertising

Twitter settles allegations that it abused non-public information collected for the security purposes

Twitter fined for abusing personal user dataInformation collected for 2FA was used in targeted advertisement campaigns, so Twitter need to pay $150million

U.S. Federal Trade Commission fines Twitter to pay $150 million for abusing information collected from users for two-factory-authentication purposes to serve targeted advertisements. The platform used people's security phone numbers and email addresses, so officials settled a privacy lawsuit with the DOJ and FTC by paying $150 million.[1] Twitter asked over 140 million users for this information to protect their accounts in 2013. However, it failed to inform users that data also can be used to allow commercial content creators to target them with personalized ads.[2]

The court report[3] shows that this practice started in May 2013 as a requirement for users to improve account security. The primary intention was to help users recover access to the locked accounts as well as enable two-factor authentication by sending the one-time password to the phone number registered by the user.

However, Twitter failed to be transparent about what this data can be used for. Users had no idea that they can receive targeted advertisements by matching them with email addresses and phone numbers already obtained from other advertising parties and websites like data brokers.[4]

Direct violation of the FTC Act

This undisclosed usage of the information not accessed publicly is a violation of the FTC Act and 2011 Commission administrative order that banned the company from misrepresenting its security and privacy practices and profiting from the deceptively collected personal data. This order was issued following the settlement for failing to safeguard users' personal information. The incident occurred when hackers obtained admin control of Twitter between January and May of 2009.

The issue with the incident of targeted advertisements also touches on the fact that the practice of misusing the information collected for the security purposes for targeted advertisements also boosted the primary source of revenue for the platform. Twitter agrees to implement a comprehensive compliance program to resolve the alleged data privacy violations and pay the fine, according to the sources.

The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy

Personal data should be secure and privacy protected

Consumers who share their personal and private information have the right to know if that data is being used by advertisers to target customers. Social media companies that are not honest with their users regarding personal information collection and usage, should be held accountable. This development is already the second time when Twitter has settled with the U.S. consumer protection watchdog because it admitted to charges back in 2011.[5]

This FTC order also addresses:

  • Twitter should not profit from deceptively collected information;
  • users should be provided to use multi-factor authentication methods like mobile authentication apps or security keys that do not require particular private details like telephone numbers;
  • users should be provided information about the Twitter's privacy and security controls and notified about phone numbers and email addresses collected to be used for account security and targeted advertisements;
  • Twitter needs to implement and maintain comprehensive privacy and information security program that requires the company, to examine and address potential risks of new products;
  • limiting employee access to users' personal data;
  • notifying the FTC if the company experiences any security incidents like a data breach.
About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions