Twitter Inc. agreed to reasonable adjustments, new standards, and a $150 million penalty to resolve a federal privacy lawsuit on Wednesday. The settlement was authorized by the FTC with a unanimous 4-0 voting. It marks the first big agreement between a huge internet giant and the Biden administration’s Federal Trade Commission (FTC), which has committed to cracking down on data abuses.
The FTC is an independent US government organization tasked with enforcing antitrust laws and promoting consumer protection. President Biden appointed FTC Chairwoman Lina Khan last year, and she has vowed to utilize her agency’s jurisdiction to monitor corporations’ data practices and potentially prohibit certain conduct.
According to the US prosecutors, Twitter gathered phone numbers and email addresses for account security purposes before feeding the information into its advertising systems from May 2013 to September 2019. The government claims Twitter failed to disclose this to its users. The claimed behavior violated a 2011 FTC consent agreement prohibiting Twitter from misrepresenting how it used people’s contact information.
In December 2020, Twitter was fined £400,000 for violating the GDPR data privacy standards in Europe. It was the first time an EU authority had imposed a GDPR penalty on a major US internet company.
The majority of Twitter’s revenue comes from advertising on its platform, which allows users to submit 280-character messages, or tweets, ranging from consumers to celebrities to businesses. Twitter began requiring users for a phone number or email address in 2013 to increase account security, according to a lawsuit filed by the Department of Justice (DoJ) on behalf of the FTC.
Twitter needs users to submit a phone number and an email address in order to verify their accounts. People may use this information to reset their passwords and unlock their accounts, if necessary, as well as enable two-factor authentication. Two-factor authentication adds an extra layer of protection by sending a code to a phone number or email address in addition to a username and password to allow users to connect to Twitter.
Elon Musk, the CEO of Tesla, is pursuing a $44 billion purchase of Twitter. The $150 million civil penalty is representing around 3% of Twitter’s earnings in 2021.
“The $150m penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of the proposed settlement will help prevent further misleading tactics that threaten users’ privacy,” said Vanita Gupta, the US associate attorney general.
The FTC ruled that, in addition to the fines, Twitter must also stop utilizing the phone numbers and emails it obtained unlawfully; notify users about the company’s unauthorized use of security information; inform users about the FTC’s legal action; explain how to disable targeted ads and double-check multi-factor authentication settings; give choices for multi-factor authentication that doesn’t need a phone number and implement a stronger privacy and security program, which includes notifying the FTC of problems within 30 days.
