FTC probing Twitter for misusing users' private data

Twitter is probed by the FTC and could face up to $250M in fines for misusing users’ personal data intended for security purposes to serve them ads instead

  • Twitter announced it has received an FTC complaint alleging violations between 2013 and 2019 
  • The company is accused of violating its 2011 consent order by misusing users’ personal data intended for security reasons to serve them ads instead
  • It estimates a probable loss of between $150M and $250M in settlement charges
  • The social media company last year admitted to ‘inadvertently’ providing ad partners with users’ phone numbers or email addresses

Twitter has come under investigation by the Federal Trade Commission and could face up to $250million in fines for misusing users’ personal data intended for security purposes to serve them ads instead. 

In a regulatory filing on Monday, the social media company said it received a draft FTC complaint alleging violations between 2013 and 2019.

The company is accused of using phone numbers, which are uploaded to users’ Twitter accounts for security purposes, to target people with ads.  

The violations could potentially be in breach of a consent order against the company in 2011, when the FTC detected ‘serious lapses’ in Twitter’s data security that allowed hackers to obtain users’ private information. 

The FTC is probing Twitter for alleged violations of a law that prevents the social network from using personal data provided for security purposes to target ads

Twitter said it estimates a probable loss of between $150million and $250million in settlement charges, and has already recorded $150million of that estimate in accrual related to the allegations. 

‘Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order,’ a Twitter spokesperson said. 

‘Following standard accounting rules we included an estimated range for settlement.’

‘The matter remains unresolved and there can be no assurance as to the timing or the terms of any final outcome,’ Twitter said. 

The company last year admitted it had ‘accidentally’ provided ad partners that participate in its Partner Audience program with users’ phone numbers or email addresses. 

The numbers were intended to set up a two-factor authentication, in which users can secure their account from would-be hackers by using their mobile device or email as a fail-safe. 

Twitter last year admitted to ‘inadvertently’ providing ad partners with users’ phone numbers or email addresses

Instead, however, Twitter said it inadvertently used the information to help match users’ accounts with stores they may have shopped at. 

This allowed ad partners that had access to a person’s phone number – i.e. a pharmacy or any retailer with a rewards program – to match that number with a customer’s Twitter account and advertise directly to them on the platform. 

Twitter released a statement last October apologizing for the error and said the issue had been corrected the previous month.

The company said it did not have an estimate on how many users were affected by the purported snafu.  

The FTC complaint however, reveals the violations stem back to 2013.  

Under a 2011 settlement with the FTC, Twitter was barred for 20 years from ‘misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.’

The company was also ordered to establish an information security program that would be assessed by an independent auditor every year for ten years.

Any violation of the terms would result in a $16,000 penalty.

It comes weeks after a group of hackers gained access to a number of verified Twitter accounts, including that of former President Obama and Tesla CEO Elon Musk.  

Source: Read Full Article