Twitter to Pay $150M for Violating 2011 FTC Order Regarding Misrepresentation of its Privacy and Security Practices

Ayana Brown
McGuireWoods LLP
Contact
LinkedIn
Facebook
X
Send
Embed

On May 25, 2022, the Federal Trade Commission (FTC) announced that it, along with the Department of Justice, fined Twitter $150 million for violating a 2011 agreement the company had with the Commission. Under the 2011 FTC order, Twitter agreed that it would protect the integrity of nonpublic consumer information, including users’ phone numbers and email addresses. According to federal investigators, Twitter broke this promise.

The FTC found that Twitter requested users’ email addresses and phone numbers under the guise of protecting their accounts as part of the “two-factor authentication” method used to provide users with an additional layer of security. But rather than limit the use of users’ data for this purpose, the FTC found that Twitter used the information it received from its users to increase the company’s own profits by allowing advertisers to use that data to target advertisements towards specific users. In the FTC’s announcement, FTC Chair Lina Khan stated, “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

The order proposed several corrective provisions in addition to the $150 million fine. If adopted, the order will prohibit Twitter from profiting from the data obtained in violation of the 2011 order. The new order would also require Twitter to:

  • Provide customers with alternative multi-factor authentication methods;
  • Notify users that it misused nonpublic consumer information collected for account security to target ads to them;
  • Implement and maintain a broad privacy and information security program;
  • Limit employee access to users’ personal data; and
  • Notify the FTC of any future data breaches.

To be sure, the FTC’s charge against Twitter is not surprising. The FTC previewed this issue back in October 2021 when it released findings from an FTC staff report on Internet Service Providers’ collection and use practices. The report found that even though ISPs “promise not to sell consumers personal data, they allow it to be used, transferred, and monetized by others.” The report concluded that the ISPs’ use and collection practices mirrored problems identified in other industries and emphasized the importance of regulating data collection and use. Websites using added protection to entice users to share more information should take heed to the order against Twitter. Additionally, as many tech companies have entered into consent orders with the FTC dealing with consumer protection issues, they must take appropriate measures to ensure that they are not violating those orders.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising

Written by:

McGuireWoods LLP
McGuireWoods LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

McGuireWoods LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide