Twitter Fined $150 Million for Alleged Misuse of User Data

  • The FTC and DOJ reached a settlement with Twitter, Inc. to resolve allegations that the company used user personal data to help sell targeted advertisements in violation of the FTC Act and a 2011 FTC Order, which prohibited the company from misrepresenting the extent to which it protects user data.
  • The complaint alleged, among other things, that from 2013 until 2019 Twitter collected user telephone numbers and email addresses for security-related purposes without disclosing to users that the company also used this information to help advertisers target specific groups of Twitter users.  In addition, the complaint alleged that Twitter misrepresented the extent to which it complied with privacy principles provided under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
  • Under the terms of the stipulated order, Twitter will be required to pay a monetary penalty of $150 million. In addition, Twitter must notify users of the company’s alleged misuse of their information, inform users of the company’s privacy and security policies, and allow users to use multi-factor authentication methods that do not include telephone numbers. Twitter must also implement a comprehensive security and privacy policy and limit employee access to user personal data.