Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span.
The Justice Department and the Federal Trade Commission announced the settlement with Twitter on Wednesday. The regulators allege Twitter violated a 2011 FTC order by deceiving users about how well it maintained and protected the privacy and security of their nonpublic contact information.
From May 2013 to September 2019, Twitter told users that it was collecting their phone numbers and email addresses for purposes of account security. But it failed to disclose that it also would use the information to enable companies to send targeted online ads to users on the platform, the government alleged.
The regulators also alleged, in a federal lawsuit filed Wednesday, that Twitter falsely claimed that it complied with U.S. privacy agreements with the European Union and Switzerland, which prohibit companies from processing user information in ways that are at odds with purposes authorized by users.
“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chair Lina Khan said in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The San Francisco-based company has more than 229 million users around the world.
The $150 million penalty and the required new compliance measures under the settlement must be approved by a federal court in California.
The FTC’s 2011 order had alleged serious lapses in Twitter’s data security that allowed hackers to gain unauthorized administrative control of Twitter, including access to nonpublic user information.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter’s chief privacy officer, Damien Kieran, said in a blog post Wednesday. He said the company has taken steps in accord with the FTC on updating operations and making other improvements “to ensure that people’s personal data remains secure and their privacy protected.”
Twitter announced in November the formation of a new data governance committee within the company.
Word of the settlement came on the day of Twitter’s annual shareholders meeting. The drama of Tesla billionaire Elon Musk’s proposed $44 billion purchase of Twitter has swirled around the company for weeks. Musk, who is one of Twitter’s largest shareholders, on Wednesday revised the financing plan for his proposed takeover, raising investor hopes that he still intends to pull off the deal.
Twitter yields unrivaled influence on news, politics, and society thanks to its public nature, simple interface and of-the-moment immediacy. Some experts fear that Musk would relax content-moderation rules that offer some protection against white supremacy, hate speech and threats of violence. The platform famously banned former President Donald Trump following the assault on the U.S. Capitol in January 2021.
Related: Can Elon Musk Spur Cybersecurity Innovation at Twitter?
Related: Hackers Used Internal Twitter Tools to Hijack Big-Name Accounts
Related: Why Are Users Ignoring Multi-Factor Authentication?