Federal regulators have ordered Twitter to pay a $150 million penalty and install new safeguards on the platform for failing to protect its users’ personal information over a period of six years.
The Federal Trade Commission (FTC) and the Justice Department announced the settlement on Wednesday. Twitter allegedly violated a 2011 FTC order by not telling its users the truth about how it kept user data safe and secure and how it was used.
The FTC issued the 2011 order after Twitter allegedly had serious lapses in data security, which allowed hackers to gain unauthorized administrative control of Twitter, including access to private user information.
From May 2013 to September 2019, Twitter told its users that it collected their email addresses and phone numbers for the purpose of keeping their accounts secure. According to the allegations, the platform did not inform its users that it would allow companies to target online ads based on the data it collected.
“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chair Lina Khan said. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The regulators also filed a federal lawsuit on Wednesday alleging that Twitter had claimed it complied with privacy agreements in Switzerland and the European Union when it was not in compliance. The privacy agreements prohibit companies from processing user information in ways that users did not authorize.
The San Francisco-based social media company currently has 229 million users worldwide. A California federal court must approve the new safeguards and the $150 million payment for the settlement to be considered complete.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter’s chief privacy officer, Damien Kieran, wrote in a blog post on Wednesday.
Kieran stated that the company and the FTC collaborated on updating operations and making other improvements “to ensure that people’s personal data remains secure and their privacy protected.”
In November, Twitter announced the creation of a new Data Governance Committee that aims to “strengthen the implementation” of the company’s privacy and security policies and standards.
