Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span.
The Justice Department and the Federal Trade Commission announced the settlement with Twitter on Wednesday. The regulators allege Twitter violated a 2011 FTC order by deceiving users about how well it maintained and protected the privacy and security of their nonpublic contact information.
From May 2013 to September 2019, Twitter told users that it was collecting their phone numbers and email addresses for purposes of account security. But it failed to disclose that it also would use the information to enable companies to send targeted online ads to users on the platform, the government alleged.
The regulators also alleged, in a federal lawsuit filed Wednesday, that Twitter falsely claimed that it complied with U.S. privacy agreements with the European Union and Switzerland, which prohibit companies from processing user information in ways that are at odds with purposes authorized by users.
The $150 million penalty and the required new compliance measures under the settlement must be approved by a federal court in California.
The FTC’s 2011 order had alleged serious lapses in Twitter’s data security that allowed hackers to gain unauthorized administrative control of Twitter, including access to nonpublic user information.