Twitter has paid the FTC a $150 million fine for the “misleading” use of user data for targeted advertising. The fine stems from the company’s 2019 admission that for years it had used Twitter users’ phone numbers and email addresses for two-factor authentication to also run targeted ads.
The company said at the time that using the phone numbers for advertisements was “a mistake” and it was unsure how many users were affected. In a statement, FTC Chairman Lina Khan said more than 140 million users were affected by the practice, which continued between 2014 and 2019. It also violated a previous agreement Twitter had with the FTC, dating back to 2011, that “forbade the company to misrepresent its privacy and security practices.”
In a statement, Twitter’s Chief Privacy Officer Damien Kieran said the company “has cooperated with the FTC every step of the way.”
“This issue was resolved on September 17, 2019, and today we would like to reiterate what we will continue to do to protect the privacy and security of the people who use Twitter,” Kieran wrote. “On reaching this settlement, we have paid a $150 million USD fine and have reached an agreement with the agency on operational updates and program improvements to ensure people’s personal information remains safe and their privacy protected.”
In addition to the fine, the FTC order requires Twitter to notify all users whose phone numbers and emails were originally collected for “account security” that were also used for advertising. It also requires Twitter to make two-factor authentication available through methods other than phone numbers, which the company adopted in 2019. Twitter will also create a new “comprehensive privacy and information security program” to assess new products for potential privacy and security risks.
All products recommended by Engadget have been selected by our editorial team, independent of our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may earn an affiliate commission.