After law enforcement officials accused Twitter of illegally utilizing users’ data to help sell targeted adverts, the company has been fined $150 million (£119 million) in the United States.
According to court records, the Federal Trade Commission (FTC) and the Department of Justice claim that Twitter broke a contract with regulators. Twitter has previously stated that it would not provide advertisers with personal information such as phone numbers and email addresses.
Federal investigators say the social media company broke those rules. Twitter was fined £400,000 in December 2020 for breaking Europe’s GDPR data privacy rules.
The Federal Trade Commission (FTC) is an independent agency of the US government whose mission is the enforcement of anti-trust laws and the promotion of consumer protection.
It accuses Twitter of breaching a 2011 FTC order that explicitly prohibited the company from misrepresenting its privacy and security practices. Twitter generates most of its revenue from advertising on its platform, which allows users ranging from consumers to celebrities to corporations to post 280-character messages or tweets.
According to a complaint filed by the Department of Justice on behalf of the FTC, Twitter 2013 began asking users to provide either a phone number or email address to improve account security.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes, but then ended up also using the data to target users with ads,” said Lina Khan, who chairs the FTC.
“This practice affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue.”
VIOLATION OF AUTHENTICATION
“Once again, Twitter is breaking the confidence that their users have in their platform by utilizing their private information to their advantage and raising their revenue,” Ian Reynolds, managing director of computer security firm Secure Team, told the BBC.
“Twitter misled their customers into a false feeling of security by gathering their data under the guise of security and account protection, but eventually ended up exploiting the data to target their users with adverts,” he continued.
“This reality demonstrates the power that corporations still wield over your data and that there is still a long way to go before people can feel confident in their ability to fully control their digital footprint.”
Twitter needs users to submit a phone number and an email address to verify their accounts. People can use this information to reset their passwords and unlock their accounts if necessary, as well as enable two-factor authentication.
Two-factor authentication adds an extra layer of security by sending a code to a phone number or email address in addition to a username and password to allow users to connect to Twitter. According to the Federal Trade Commission, Twitter was also using the information to improve its advertising business until at least September 2019.