The federal government Wednesday announced that Twitter has agreed to pay $150 million in civil penalties and change its data privacy measures after the platform profited off of deceptively collecting user data for six years.
The Department of Justice and the Federal Trade Commission announced a settlement and complaint with Twitter that, if approved by a federal court, would result in a $150 million penalty. That covers admission by the social media giant that between May 2013 and September 2019, the company told users it was collecting their telephone numbers and email addresses for account security purposes. But Twitter failed to disclose that it also would use that information to help companies send targeted advertisements to users.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chairwoman Lina Khan. “This practice affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue.”
Twitter has agreed to settle the federal government’s allegations by implementing significant new compliance measures intended to ensure that the company improves its data privacy practice through a comprehensive privacy and information security program and conducts regular testing of its data privacy safeguards.
The San Francisco-based tech giant will be required to obtain regular assessments of its data privacy program from an independent assessor, provide annual certifications of compliance from a senior officer, provide reports after any data privacy incidents affecting 250 or more users, and comply with numerous other reporting and record-keeping requirements.
“The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy,” said DOJ Associate Attorney General Vanita Gupta.
The federal government’s complaint against Twitter also alleges that the platform falsely claimed to comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which prohibit tech companies from processing user information in ways that are not authorized by users themselves.
Twitter has taken responsibility for its past user data privacy problems.
“In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected,” Twitter said in a blog post Wednesday.
“Moving forward, we will continue to make investments in this work, including building and evolving processes, implementing technical measures, and conducting regular auditing and reporting to ensure we are mitigating risk at every level and function at Twitter,” the company added.
Under the settlement terms, the DOJ and the FTC will each be responsible for monitoring and enforcing Twitter’s compliance.