Twitter will pay the U.S. government $150 million after federal officials sued the platform for misleading users about how it protects their data. Regulators accused the company of violating a previous Federal Trade Commission (FTC) privacy settlement by using contact information that it collected to help marketers with targeted advertising.
Officials said Twitter disclosed to users that phone numbers and email addresses would be used for account security, but the platform apparently did not shed enough light on how that same information would be used for other purposes. The suit claims that these practices affected over 140 million Twitter users who submitted contact information to the platform.
“From at least May 2013 through at least September 2019, Twitter did not disclose, or did not disclose adequately, that it used these telephone numbers and email addresses to target advertisements to those users through its Tailored Audiences and Partner Audiences services,” the lawsuit stated.
In a company blog post, Twitter Chief Privacy Officer Damien Kieran pointed out that the platform addressed this problem in 2019. He also reaffirmed that Twitter is committed to protecting the privacy of its users.
“In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected,” Kieran said.
In addition to paying a financial penalty, Twitter has agreed to implement a comprehensive privacy and data security program and disclose why and how it collects, shares, and uses personal information that it collects. Twitter users will also now have access to a multi-factor authentication option that does not use their phone number.
FTC advises consumers about data protection
The FTC says consumers should take away several important lessons from this suit so that they can protect their personal information in the future. Those lessons include:
Use multi-factor authentication whenever possible. The FTC says this type of protection makes it harder for scammers to log in to consumers’ accounts, even if they’re able to steal usernames and passwords.
Choose forms of multi-factor authentication that don’t involve personal information. The FTC says consumers should opt for authentication apps that use physical tokens instead of software that requires them to input personal data. Physical tokens require consumers to be in physical possession of a real-world object that acts as an authentication device. Some examples include a phone, USB drive, or keycard.
Be careful when selecting security questions. The FTC says consumers should only select security questions that they know the answers to. For added security, you could even select random answers to questions; just be sure to remember your nonsensical answers.
Check your privacy settings. Some platforms allow users to opt out of targeted advertisements in an app’s privacy settings.