According to court records, the Federal Trade Commission (FTC) and the Department of Justice claim that Twitter broke a contract with regulators.
Twitter has previously stated that it would not provide advertisers with personal information such as phone numbers and email addresses.
According to federal authorities, the social media company violated the rules.
In December 2020, Twitter was fined £400,000 for violating the GDPR data privacy standards in Europe.
The Federal Trade Commission (FTC) is an independent US government organization tasked with enforcing antitrust laws and promoting consumer protection.
Twitter is accused of violating a 2011 FTC injunction prohibiting the corporation from misrepresenting its privacy and security procedures.
Advertising on Twitter’s platform, which lets users ranging from consumers to celebrities to corporations to post 280-character messages, or tweets, generates the majority of the company’s revenue.
Twitter began requesting users for a phone number or email address in 2013 to strengthen account security, according to a lawsuit filed by the Department of Justice on behalf of the FTC.
“As the complaint states, Twitter gathered data from users under the guise of using it for security purposes, but subsequently used the data to target users with ads,” said FTC chair Lina Khan.
“This behavior impacted over 140 million Twitter users while also increasing Twitter’s principal revenue stream.”
Authentication violation
“Once again, Twitter is abusing the confidence that their users have in their platform by utilizing their private information to their own advantage and growing their own revenue,” said Michael Reynolds, managing director of computer security firm Secure Team, to the BBC.
“Twitter misled their customers into a false feeling of security by gathering their data under the guise of security and account protection, but eventually ended up exploiting the data to target their users with adverts,” he continued.
“This reality demonstrates the power that corporations still wield over your data, and that there is still a long way to go before people can feel confident in their ability to fully control their digital footprint.”
Twitter needs users to submit a phone number and an email address in order to verify their account.
People can use this information to reset their passwords and unlock their accounts if necessary, as well as enable two-factor authentication.
Two-factor authentication adds an extra layer of security by sending a code to a phone number or email address in addition to a username and password to allow users connect into Twitter.
According to the FTC, Twitter was also using the information to improve its advertising business until at least September 2019.
Advertisers are accused of having access to users’ security information.
In addition to the monetary penalty, Twitter must:
- stop using the phone numbers and email addresses it illegally collected
- notify users about its improper use of security information
- tell users about the FTC law enforcement action
- explain how to turn off personalised adverts and review multi-factor authentication settings
- provide multi-factor authentication options that do not need a phone number
- implement an enhanced privacy and security programme which includes reporting incidents to the FTC within 30 days
Vanita Gupta, the US associate attorney general, stated, “The Department of Justice is dedicated to protecting the privacy of customers’ sensitive data.”
“The proposed settlement’s $150 million penalty reflects the seriousness of the claims against Twitter, and the significant additional compliance requirements that will be imposed as a result of the proposed deal will help prevent similar misleading techniques that endanger users’ privacy.”
 in the United States.){kind=link}