Twitter Fined $150M For Deceptively Collecting Phone Numbers And Emails For Ad Targeting

twitter sign up page
What a shocker—a social media giant misused its users’ data. It appears that the Federal Trade Commission (FTC) is not allowing at least one of those giants to entirely get away with its behavior. The FTC is fining Twitter $150 million USD for deceptively collecting users’ data and using it for targeted ads.

Twitter reportedly violated a 2011 FTC settlement in which it was “barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.” It was also tasked at this time with developing and maintaining a comprehensive security plan. The FTC contended that Twitter had deceived consumers and put their data at risk.

The FTC charges Twitter with once again deceiving consumers between 2014 and 2019. Twitter began asking users for their phone numbers and addresses in 2013 in order to improve security. More than 140 million users shared this information. However, this data was also used for targeted ads and Twitter never shared its intentions with consumers. These actions violate both the FTC Act and aforementioned 2011 settlement. U.S. Attorney Stephanie M. Hinds for the Northern District of California remarked, “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”

cybersecurity lock
Twitter “apologized” for its dishonesty in 2019. It claimed that “this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system.” It further insisted that it did not know how many people were impacted by this action, but that it had resolved the issue.

The FTC will not only fine Twitter $150 million but will demand several actions. First and foremost, Twitter cannot profit from “deceptively collected data.” It must permit users to utilize mobile authentication apps or security keys that do not force them to give Twitter their phone number. Next, it must inform users that it misused their data. It must also implement a new privacy and information security program and share this program with users. Last, it needs to limit employees' access to user data and inform the FTC of any security breaches.