Social media giant Twitter has agreed to pay $150 million after it was caught improperly selling users’ private information.
The company is accused of selling the data of users to target advertising, without having informed them.
The Justice Department and the Federal Trade Commission (FTC) announced the settlement.
If approved by a federal court, it requires Twitter to pay the amount in civil penalties as well as improve its compliance practices to protect users’ data privacy.
Twitter’s chief privacy officer, Damien Kieran, said that in reaching the settlement, the company has paid the $150 million penalty.
He said the Big Tech company has also “aligned with the [FTC] on operational updates and program enhancements” to protect user privacy and security.
Kieran said the matter concerns a privacy incident disclosed in 2019 “when some email addresses and phone numbers provided for account security purposes may have been inadvertently used for advertising.”
“This issue was addressed as of September 17, 2019, and today we want to reiterate the work we’ll continue to do to protect the privacy and security of the people who use Twitter,” Kieran said in a statement.
According to a complaint (pdf) filed Wednesday in the U.S. District Court for the Northern District of California, Twitter was accused of having violated the FTC Act and a 2011 settlement with the FTC by allegedly misrepresenting to its users how it would use their nonpublic contact information.
From at least May 2013 to September 2019, Twitter allegedly “deceptively used personal information collected for specific security-related purposes for advertising,” said the complaint.
The complaint was filed by the Justice Department on behalf of the FTC.
“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint said.
FTC Chair Lina Khan in a statement that the alleged practice “affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue.”
U.S. officials pointed out in the complaint that of the $3.4 billion in revenue that Twitter earned in 2019, “$2.99 billion flowed from advertising.”
The $150 million fine is about 12.5 percent of Twitter’s $1.2 billion revenue in the first quarter of 2022.
In 2021, the company made $5 billion in revenue.
Associate Attorney General Vanita Gupta said in a statement that the $150 million amount “reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.”
The U.S. government also alleged in the complaint that the company did not comply with the European Union-U.S. and Swiss-U.S. Privacy Shield Frameworks which “generally prohibit businesses from transferring personal data to third countries unless the recipient jurisdiction’s laws are deemed to adequately protect personal data. ”
As part of the new compliance measures Twitter has agreed to in the settlement, it will be required to develop and maintain a “comprehensive privacy and information-security program,” conduct a privacy review with a written report before introducing any new initiative that collects users’ private information, and conduct regular testing of its data privacy safeguards, the Justice Department announced.
“Twitter also will be required to obtain regular assessments of its data privacy program from an independent assessor, provide annual certifications of compliance from a senior officer, provide reports after any data privacy incidents affecting 250 or more users, and comply with numerous other reporting and record-keeping requirements,” the department added.
The settlement also requires Twitter to let all U.S. users who joined the service before Sept. 17, 2019, about the settlement, and give the users options to protect their privacy and security.
The latest Twitter fine pales in comparison to the $5 billion that Facebook, now called Meta, paid to settle with the FTC in 2019 over a data scandal related to political data-analytics firm Cambridge Analytica.
Twitter is largely a free service and makes money mainly through advertising.
Elon Musk, who is set to acquire Twitter in a $44 billion deal, has said he wants to diversify the company’s revenue streams.
He also said he plans to increase the annual revenue to $26.4 billion by 2028.