Twitter Fined $150 Million For Privacy Scandal

John Lister's picture

The Federal Trade Commission (FTC) has fined Twitter $150 million for unlawfully giving personal data to advertisers. The fine is so high because Twitter breached a settlement in a 2011 case.

Back then, hackers broke into Twitter and were able to access personal information, including messages that users had set as private. The FTC said then that Twitter had misled users by making promises about how secure and private it kept user data.

At that time, Twitter escaped any penalty but accepted a "consent agreement" to settle the case. That wasn't an admission of wrongdoing, but did mean Twitter promised to carry out certain actions and accepted it would face a legal penalty if it breached the agreement. The actions included a 20-year guarantee to not mislead users about "the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information." (Source: ftc.gov)

Advertisers Accessed Details

The FTC now says Twitter has breached the consent agreement. That's because it collected phone numbers and email addresses from users, saying the data would help protect their accounts. (This could include, for example, using the details as a means of verifying password change requests.)

However, Twitter also "profited by allowing advertisers to use this data to target specific users." For example, an advertiser could cross-reference a user's details with their own database to identify them and decide whether they wanted to target them with ads.

As Twitter didn't warn users about this, the FTC concluded it had misled users about how their privacy was (or rather wasn't) protected. It also said Twitter had violated rules on transferring data between the US and Europe.

Twitter Must Fess Up To Users

The $150 million fine is only part of the punishment, which also includes Twitter being barred from making any profit from the ad sales in question. It must also beef up its privacy policy, limit employee access to user data, and tell the FTC about any future data breach.

The FTC also says Twitter must tell users how it misused their personal data. Finally, it must introduce ways of verifying account ownership that don't use phone numbers, for example a mobile app or physical security key. (Source: bbc.co.uk)

What's Your Opinion?

Is this a big enough fine to deter other companies? Do you consider this a serious breach? Should violating a previous settlement be considered an even greater offense?


Comments

alan.computergeek@gmail.com's picture

Will this kill the deal or drop the price?