Twitter was fined $150 million in the US for selling user data
Twitter in the US is to pay a $150m (£119m) fine after being accused by law enforcement officials of unlawfully using user data to help sell targeted adverts.
The Federal Trade Commission (FTC) and the Department of Justice said Twitter violated an agreement with regulators, according to court documents.
Twitter has pledged not to provide personal information such as phone numbers and email addresses to advertisers.
Federal investigators say the social media company violated those policies.
Twitter was fined £400,000 in December 2020 for breaching EU GDPR data privacy rules.
The FTC is an independent US government agency whose mission is to enforce antitrust laws and promote consumer protection.
Twitter generates most of its revenue from advertising on its platform, which allows users, from consumers to celebrities to businesses, to post 280-character messages or tweets.
According to a complaint filed by the Justice Department on behalf of the FTC, in 2013 Twitter began asking users to provide a phone number or email address to improve account security.
“As the complaint points out, Twitter obtained user data under the guise of mining it for security purposes, but also used the data to target users with advertisements,” Lina said. Khan, who heads the FTC.
“This practice has impacted over 140 million Twitter users, while increasing Twitter’s primary source of revenue.”
Ian Reynolds, chief executive of IT security firm Secure Team, told the BBC: “Once again, Twitter is breaching its users’ trust in its platform by using their private information for its own benefit and increasing its own we. we “.
He added: “Twitter tricked their customers into a false sense of security by taking their data pretending it was for security purposes and protecting their account, but ultimately used the data to target ads to their users. .
“This reality demonstrates the power companies still have in their data and that there is still a long way to go for users to feel comfortable knowing they have full control over their own digital footprint. ”
To authenticate an account, Twitter requires users to provide a phone number and email address.
This information also helps users reset their passwords and unlock their accounts if needed, as well as enable two-factor authentication.
Two-factor authentication provides an additional layer of security by sending a code to a phone number or email address to help users log into Twitter with a username and password.
But, according to the FTC, until September 2019, Twitter is also using this information to boost its advertising business.
He was accused of allowing advertisers to access users’ security information.
In addition to the fine, Twitter must also:
stop using phone numbers and email addresses that you collected illegally
notify users of misuse of security information
Notifying Users of FTC Enforcement Actions
explain how to opt out of personalized ads and check multi-factor authentication settings
provide multi-factor authentication options that do not require a phone number
implement an enhanced privacy and security program that includes reporting incidents to the FTC within 30 days
“The Department of Justice is committed to protecting the privacy of sensitive consumer data,” said Vanita Gupta, Assistant United States Attorney General.
“The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new enforcement actions that will be imposed as a result of the proposed settlement will help prevent more deceptive tactics that threaten users’ privacy. “