Twitter Fined $150 Million For Sharing User Telephone Numbers

Tom Jowitt,
Twitless - twitter down © Fotolia

Privacy settlement with the FTC and DoJ sees Twitter agreeing to pay $150 million for using user email addresses, phone numbers for advertising

Twitter confirms it has reached a settlement with the Federal Trade Commission and the US Department of Justice (DoJ) over a privacy incident in 2019.

Under the terms of the settlement agreement, Twitter has been ordered to pay a $150m penalty “for deceptively using account security data for targeted advertising.”

In October 2020, Twitter admitted that it had unintentionally misused user’s personal data for advertising purposes for a number of years.

It had used the email addresses and phone numbers that users had supplied to Twitter since 2013 for security purposes, namely for two-factor authentication.

Financial settlement

Twitter asked users to give their phone numbers and email addresses to protect their accounts, said the FTC.

It then added that Twitter had profited by allowing advertisers to use this data to target specific users.

The FTC said Twitter’s deception violates a 2011 FTC order that explicitly prohibited the company from misrepresenting its privacy and security practices.

The US regulator ordered Twitter to “pay a $150 million penalty and is banned from profiting from its deceptively collected data.”

“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina M. Khan. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

“The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy,” added Associate Attorney General Vanita Gupta.

Twitter’s offences occurred between May 2013 and September 2019, according to the court documents.

In addition to the financial settlement, Twitter is also required to improve its compliance practices.

Twitter statement

Twitter’s chief privacy officer, Damien Kieran, said in a blog post that the company had “cooperated with the FTC every step of the way”.

“In reaching this settlement, we have paid a $150M USD penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected,” wrote Kieran.

“Twitter’s commitment to security and privacy is not a point-in-time exercise for us but a core value we constantly enhance by updating our practices to meet the evolving needs of our customers,” he added.

“Moving forward, we will continue to make investments in this work, including building and evolving processes, implementing technical measures, and conducting regular auditing and reporting to ensure we are mitigating risk at every level and function at Twitter,” wrote Kieran.

Musk criticism

Twitter makes 90 percent of its annual revenue of $5bn (£3.8bn) from advertising.

Its dependency on advertising revenue is one of the issues that Elon Musk has cited in his criticism of the company he was intending to purchase for $44bn, until he put the deal on hold over his demand for clarification on the number of spam or fake accounts on the service.

And Musk lost little time in weighing in the SEC settlement, speculating whether Twitter had been truthful in the matter.

This is not the only time Twitter has experienced issues with user’s telephone numbers.

In February 2020 Twitter warned that it had discovered attempts by ‘state-sponsored actors’ to access the phone numbers associated with user accounts.