Twitter has agreed to pay $150 million in civil penalties and implement privacy reforms, according to a Department of Justice (DOJ) press release.
In a complaint filed Wednesday in the U.S. Northern California District Court, the government alleges that Twitter violated the FTC Act by telling users that the app only collected emails and phone numbers for security purposes. The complaint alleges that between May 2013 and September 2019, Twitter used the data it collected to help companies send targeted ads to consumers, but failed to disclose this information. The complaint also alleges that the social media company lied about complying with EU and Swiss privacy laws, which prohibit companies from processing user data in ways that have not been approved by the user.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said Federal Trade Commission (FTC) Chair Lina M. Khan. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
Twitter has agreed to pay the $150 million fine as well as implement new privacy policies and reviews, according to the release. As part of the settlement, the company is required to “develop and maintain a comprehensive privacy and information-security program” as well as “conduct a privacy review with a written report” before implementing new products that collect user information, and other reporting and record-keeping regulations. Twitter is also required to notify any U.S. user that joined the app before Sept. 17, 2019, about the settlement and “provide users with options for protecting their privacy and security.”
In a blog post after the settlement was announced, Chief Privacy Officer Damien Kieran said the company was fully complying with the DOJ complaint.
“Twitter’s commitment to security and privacy is not a point-in-time exercise for us but a core value we constantly enhance by updating our practices to meet the evolving needs of our customers,” Kieran said. “The recently announced Data Governance Committee is an embodiment of our dedication to strengthen the implementation of our privacy and security policies and standards, as well as to expand our internal privacy and security review processes during the product development life cycle.”
The settlement comes at a tumultuous time for Twitter, which agreed to an acquisition proposal by Elon Musk last month for a reported $44 billion. The deal sent the app into a frenzy, with users saying the app could get more toxic under Musk’s leadership, and privacy advocates concerned about his plans for user authentication. Musk has railed against Twitter’s privacy policies and the prevalence of bots and fake accounts on the platform. He has repeatedly called out Twitter’s estimates that less than 5% of users on the platform were spam accounts and allegedly paused his acquisition because of it, according to a tweet he sent.
Musk’s acquisition could reshape Twitter. He has already announced he would reinstate former President Donald Trump to the platform, loosen free speech rules, and seek to verify all users with the hope of ridding the platform of the fake accounts he detests.