Twitter Fined $150M for Using Emails, Phone Numbers for Targeted Advertising
WASHINGTON — Twitter has agreed to pay a $150 million fine in a settlement reached with the Department of Justice and the Federal Trade Commission for improperly using users’ email addresses and phone numbers for targeted advertising, according to a complaint filed by the Department of Justice.
The settlement, which was announced Wednesday states that in addition to the fine Twitter is “required to undertake multiple measures that will improve its protection of consumer data.
“These measures include prohibiting misrepresentations about the extent to which the company protects the privacy of its users’ nonpublic contact information, including any misrepresentations about its use of such information, and requiring Twitter to implement a comprehensive privacy and information security program with extensive procedures to safeguard user information and assess internal and external data privacy risks.”
This all came about because between 2013 and 2019 Twitter solicited emails and phone numbers under the guise of “security” as part of the two-factor authentication tool used to verify users, according to the department’s complaint. The company did not tell users that information would also be used by Twitter to sell advertising, according to the complaint, which violated a 2011 order from the commission banning the practice, according to the department.
It was part of the “Tailored Audiences” and “Partner Audiences” advertising programs Twitter uses to sell products like promoted ads.
Each service allowed advertisers to pinpoint customers for advertising by matching their phone numbers and emails to either the companies’ existing email and phone number lists or through information they got through data brokers.
“Twitter has provided advertisers the ability to match against lists of email addresses since January 2014 and against lists of telephone numbers since September 2014,” the complaint stated.
“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said Lina Khan, chair of the commission in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The company has paid the fine and is cooperating on other requirements in the settlement, Damien Kieran, the chief privacy officer, wrote in a statement.
“This issue was addressed as of Sept. 17, 2019, and today we want to reiterate the work we’ll continue to do to protect the privacy and security of the people who use Twitter,” Kieran wrote.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way.”
They are also working to ensure people’s privacy is protected in accordance with current laws, Kieran added. He also highlighted the company’s “Data Governance Committee,” which was created in November 2021 in his statement.
“Moving forward, we will continue to make investments in this work, including building and evolving processes, implementing technical measures, and conducting regular auditing and reporting to ensure we are mitigating risk at every level and function at Twitter,” Kieran wrote.
“We will also continue to partner with the FTC, and our security and privacy regulators around the world, on our shared mission of building useful products and services that meet our customers’ needs while keeping the information they share with us secure and respectful of their privacy.”
Madeline can be reached at [email protected] and on Twitter @ByMaddieHughes