Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Twitter to Pay $150M Penalty Over Privacy of Users’ Data

Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span.

Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span.

The Justice Department and the Federal Trade Commission announced the settlement with Twitter on Wednesday. The regulators allege Twitter violated a 2011 FTC order by deceiving users about how well it maintained and protected the privacy and security of their nonpublic contact information.

From May 2013 to September 2019, Twitter told users that it was collecting their phone numbers and email addresses for purposes of account security. But it failed to disclose that it also would use the information to enable companies to send targeted online ads to users on the platform, the government alleged.

The regulators also alleged, in a federal lawsuit filed Wednesday, that Twitter falsely claimed that it complied with U.S. privacy agreements with the European Union and Switzerland, which prohibit companies from processing user information in ways that are at odds with purposes authorized by users.

“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chair Lina Khan said in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

The San Francisco-based company has more than 229 million users around the world.

The $150 million penalty and the required new compliance measures under the settlement must be approved by a federal court in California.

The FTC’s 2011 order had alleged serious lapses in Twitter’s data security that allowed hackers to gain unauthorized administrative control of Twitter, including access to nonpublic user information.

Advertisement. Scroll to continue reading.

“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter’s chief privacy officer, Damien Kieran, said in a blog post Wednesday. He said the company has taken steps in accord with the FTC on updating operations and making other improvements “to ensure that people’s personal data remains secure and their privacy protected.”

Twitter announced in November the formation of a new data governance committee within the company.

Word of the settlement came on the day of Twitter’s annual shareholders meeting. The drama of Tesla billionaire Elon Musk’s proposed $44 billion purchase of Twitter has swirled around the company for weeks. Musk, who is one of Twitter’s largest shareholders, on Wednesday revised the financing plan for his proposed takeover, raising investor hopes that he still intends to pull off the deal.

Twitter yields unrivaled influence on news, politics, and society thanks to its public nature, simple interface and of-the-moment immediacy. Some experts fear that Musk would relax content-moderation rules that offer some protection against white supremacy, hate speech and threats of violence. The platform famously banned former President Donald Trump following the assault on the U.S. Capitol in January 2021.

RelatedCan Elon Musk Spur Cybersecurity Innovation at Twitter?

Related: Hackers Used Internal Twitter Tools to Hijack Big-Name Accounts

Related: Why Are Users Ignoring Multi-Factor Authentication? 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...