Twitter has paid the Federal Trade Commission (FTC) a $150 million fine for its deceptive use of user data for targeted advertising. The fine stems from the company’s admission in 2019 that for years it had used Twitter users’ phone numbers and email addresses provided for two-factor authentication to deliver targeted ads as well.
The company said at the time that its use of phone numbers for ads was a “mistake”, and that it was not certain how many users were affected. Lina Khan, chair of the Federal Trade Commission, said in a statement that more than 140 million users were affected by the practice, which continued between 2014 and 2019. It also violates an earlier agreement Twitter had with the FTC, dating back to 2011, which prevented the company from misrepresenting its privacy and security practices.
In a statement, Twitter’s chief privacy officer, Damien Keran, said the company has cooperated with the Federal Trade Commission every step of the way. “This issue has been addressed as of September 17, 2019, and today we would like to reiterate the work we will continue to do to protect the privacy and security of people who use Twitter,” Kiran said.
He added, “In order to reach this settlement, we paid a $150 million fine, and agreed with the agency on operational updates and program improvements to ensure personal data remains secure and users’ privacy is protected.
In addition to the fine, the FTC order requires Twitter to notify all users whose phone numbers and emails were originally collected for “account security” that were also used for ads.
It also requires Twitter to enable two-factor authentication through methods other than phone numbers, which the company adopted in 2019. Twitter will also create a comprehensive privacy and information security program to review new products for potential privacy and security risks.