Twitter agreed to pay $150 million to settle allegations the platform gave advertisers some user information that was supposed to be employed to strengthen account security, US authorities said Wednesday.
The Federal Trade Commission and the Department of Justice accused Twitter of taking phone numbers or email addresses provided to tighten privacy and then letting advertisers use the details to make money.
“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” commission chair Lina Khan said in a release.
The personal information that users hand over to tech companies, and how that data gets used, is a front of repeated conflict between regulators and powerful firms like Facebook parent Meta, Twitter and others.
Clashes over privacy have resulted in periodic suits or settlements but critics have long called for a comprehensive updating of US national rules for how people’s data is handled online.
In a five-year period ending in 2019, more than 140 million Twitter users gave phone numbers or email addresses to the San Francisco-based service to help secure accounts with two-factor authentication, regulators said.
The security technique involves augmenting passwords with one-time codes sent by text or email messages.
Without telling users, Twitter let advertisers use the personal information to target ads, said the FTC, which worked with federal prosecutors to pursue a case against the tech firm.
“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” US Attorney Stephanie Hinds said in a release.
Along with agreeing to pay $150 million, Twitter will implement new measures including having its privacy program regular evaluated by an independent assessor, the settlement deal indicated.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter chief privacy officer Damien Kieran said in a blog post.
“We have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected,” he added, noting the penalty has already been paid.
The settlement, which will need to be approved by a judge, also requires Twitter to inform all of the people who joined Twitter prior to late 2019 about the deal and options for protecting their privacy.