FTC fines Twitter $150 million for using account security data to sell targeted ads


Posts: 8,011   +87
Staff member
What just happened? The Federal Trade Commission (FTC) has fined Twitter $150 million over "deceptive" ad practices that used email addresses and phone numbers submitted for account security purposes, such as two-factor authentication, for targeted ads. Twitter maintains that what happened was an error.

It was reported in 2019 that the scheme used Twitter's Tailored Audiences and Partner Audiences advertising systems, which allow advertisers to target ads to customers based on either their own custom contact lists or those provided by a third party.

Twitter admitted that users' emails and phone numbers were "inadvertently" used for ad targeting in its system. "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," the company wrote at the time.

Twitter never said how many users may have been affected. FTC Chair Lina M. Khan puts the number at over 140 million people, between 2014 and 2019.

Whether it was an error or not, the FTC notes that Twitter's actions violate a 2011 FTC order that explicitly prohibited the company from misrepresenting its privacy and security practices. As such, Twitter must pay a $150 million fine and is banned from profiting from the deceptively collected data. The amount reflects that seriousness of the matter and is intended to prevent further similar tactics that could threaten users' privacy, writes the FTC.

Twitter must also notify all 140+ million users whose numbers and emails were collected for account security and were used for targeted ads. It must also offer two-factor authentication methods that don't require phone numbers, which it started doing in 2019, limit employee access to users' personal data, and notify the FTC if it experiences a data breach.

Permalink to story.



Posts: 39   +39
What a humorous pittance for completely trampling over user's private data shared for a completely different purpose to what they were told. Add 100x to this amount, and even that is not a strong enough message,

I reckon they made 150M just on this "accidental error" alone...


Posts: 2,024   +1,220
1.07 million per violation. That's how much your privacy, over the course of a lifetime of a phone number or email address, is worth to the FTC


Posts: 3,206   +2,739
Privacy? Shoot, our privacy pretty much stopped, when they started putting
"do you agree to our terms of service", when you turn on a computer, phone,
install software etc.


Posts: 803   +939
"The amount reflects that seriousness of the matter and is intended to prevent further similar tactics that could threaten users' privacy, writes the FTC."

Wow, a lousy $150 million.....for a company that earns that in 3 days!!

The FTC, as usual, bends over for the industry it's allegedly policing. Somebody called it by a very apt name: FTC is the harlot of Big Biz.