Twitter will pay $150 million to settle a privacy lawsuit with the Department of Justice (DOJ) and Federal Trade Commission (FTC). The settlement, announced today, covers a complaint that Twitter deceptively used members’ email addresses and phone numbers for targeted advertising. On top of the fine, Twitter must also accept audits of its data privacy program among other restrictions.
The legal filing claims that Twitter misrepresented its policies to users between 2013 and 2019, violating both the FTC Act and an order from a previous settlement in 2011. The company encouraged users to add a phone number or email address to enable security measures like two-factor authentication. In reality, however, Twitter also incorporated that information into its ad targeting data. It apologized for the practice in 2019, saying it had “inadvertently” funneled the addresses and numbers into its ad system. The complaint also alleges that during that period, Twitter was falsely claiming to comply with the European Union-US and Swiss-US Privacy Shield Frameworks, which restricted how companies could repurpose user data.
“The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy,” said Associate Attorney General Vanita Gupta in a statement. The FTC took aim at Facebook for a similar practice in 2019, fining the company $5 billion for that and other privacy violations.
The new compliance measures will require Twitter to maintain a “comprehensive” privacy and information security program, and it must conduct regular tests and audits of its safeguards. It must also notify anyone who joined Twitter before September 2019 of the settlement after a federal court approves it.
Twitter chief privacy officer Damien Kieran acknowledged the settlement in a blog post and tweet thread. “Our settlement with the FTC reflects Twitter’s pre-existing commitments and investments in security and privacy,” Kieran tweeted. “We will continue to partner with our regulators to make sure they understand how security and privacy practices at Twitter are always evolving for the better.”