Twitter has agreed to pay a $150 million penalty for using its users’ personal data related to two-factor authentication for advertising purposes.
A practice that lasted from 2013 to 2019
This agreement has been established with the Federal Trade Commission (FTC), federal agency responsible for enforcing consumer law and the control of anti-competitive business practices such as unfair monopolies, as well as with the Department of Justice (DOP) . It concerns a practice implemented by Twitter between May 2013 and September 2019, during which the platform used the email addresses and telephone numbers of users in its advertising tools without notifying them.
Beijing accuses Washington of cyber espionage
The Department of Justice explains: Twitter told its users that it collects their phone numbers and email addresses for account security purposes, but did not disclose that it would also use this information to help users. […] companies to send targeted advertisements to consumers. The complaint further alleges that Twitter falsely claimed to comply with the European Union-U.S. and Swiss-U.S. Privacy Shield Frameworks, which prohibit companies from processing user information in a manner that is not compatible with the purposes authorized by them “.
In doing so, Twitter violated a 2011 agreement with the FTC that, among other things, prohibited it from making false statements about how it used individuals’ contact information. It was the social network itself, in 2019, which reported the problem: “ We recently discovered that where you provided an email address or phone number for safety or security purposes (e.g. two-factor authentication), that data may have been inadvertently used for advertising purposes. “.
The FTC wants to better regulate the tech giants
“ As the complaint notes, Twitter obtained user data under the guise of mining it for security purposes, but ended up using it to target users with ads as well. This practice has affected more than 140 million Twitter users, while boosting Twitter’s main source of income said Lina Khan, chairwoman of the Federal Trade Commission, appointed by the Biden administration.
The Capitol, in Washington DC, symbol of the American legislative power. Photography: Julien Gaud / Unsplash
Lina Khan is a fervent opponent of the monopolies exercised by the tech giants as well as the exploitation of personal data. Moreover, it has decided to extend the powers of the FTC in order to better regulate and control these companies. Twitter’s sanction, which mirrors a $5 billion penalty imposed on Facebook in 2020, suggests an extension of how previous administrations have used existing enforcement powers, reports the wall street journal.
“ It is largely a continuation. But it’s a strong order said Jessica Rich, former director of the FTC’s Consumer Protection Bureau, before adding that the new order contains “much stronger” provisions.
Twitter must comply with many measures
For its part, Twitter reacted calmly to this decision: “ We take data security and privacy very seriously, and have cooperated with the FTC every step of the way. In reaching this settlement, we paid a US$150 million penalty and aligned with the agency on operational updates and program enhancements to ensure people’s personal data remains secure and their lives private protected “.
In addition to the fine, which represents 3% of the social network’s annual revenue, it must also comply with numerous measures. Thus, Twitter must notify all users affected by this flaw, alert the FTC in the event of future data breaches and submit to independent security audits every two years for the next twenty years. The company has since provided users with multi-factor authentication options that do not rely on phone numbers.
As a reminder, the news of Twitter, in addition to this penalty, is very eventful. Billionaire Elon Musk recently announced the takeover of the social network, on which he wants to make many changes.