Twitter is back making headlines, but not for any good reason. The Federal Trade Commission (FTC), an independent agency of the US government dealing with antitrust law, has announced that they’re charging the social media platform with deceptively using user account security data to sell targeted ads. As a result, Twitter is being fined USD150 million by the FTC, and is banned from profiting off its ‘deceptively collected data’.
The issue originally started way back in 2013, when Twitter started asking its users to provide a phone number or email address under the pretense of improving account security. Giving Twitter your phone number would be especially important in the event you are locked out of your account and need to prove your credentials. You’d also have to give Twitter your phone number if you wanted to use two-factor authentication to secure your account.
Since then till 2019, over 140 million Twitter users had given the social media platform their phone numbers or email addresses. However, Twitter had not informed them that their details will also be used for targeted advertising. According to the FTC, Twitter had used the phone numbers and the email addresses of its users to allow their advertisers the ability to target specific ads to specific demographics of users by matching the information to data from data brokers. In Twitter’s defense though, they admitted this back in 2019 but claimed that its use for advertising purposes was unintentional.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” – Lina M. Khan, FTC Chairperson
Not only does Twitter’s use of their users’ phone numbers and email address for targeted advertising violate the US FTC Act, it also goes against the EU-US Privacy Shield and the Swiss-US Privacy Shield agreements. These agreements had required companies to adhere to strict privacy principles if they wanted to legally transfer data from EU nations and Switzerland to the US.
The FTC is now ordering Twitter to notify users whose account security details had been inadvertently used for targeted advertising, as well as allow its users to use other methods of multi-factor authentication such as security keys that do not require users to give Twitter their phone numbers. On top of that, Twitter needs to implement and maintain a ‘comprehensive privacy and information security program’ that will require Twitter to examine the potential privacy and security risks of their new products. The FTC also wants Twitter to limit employee access to user data and inform the FTC should there be a data breach.
Twitter for their part has since come out with a statement, saying that they have reached a settlement with the FTC over the matter and have paid the USD150 million penalty. Damien Kieran, Twitter’s Chief Privacy Officer also says that they take data security and respecting privacy very seriously, and will continue to work with the FTC as well as security and privacy regulators around the world.
[ SOURCE 2, IMAGE SOURCE ]
