- Twitter released users' contact info for targeted advertising without informing them, the DOJ and FTC said Wednesday.
- Twitter agreed to pay $150 million, but the settlement still has to be approved.
- Twitter will also have to submit reports and face increased scrutiny from regulators.
Twitter has agreed to pay $150 million to settle allegations that it failed to inform users that it was using phone numbers and email addresses to help businesses do targeted advertising, the Department of Justice and Federal Trade Commission said in a release and court filing Wednesday.
"The $150 million penalty reflects the seriousness of the allegations against Twitter," said Associate Attorney General Vanita Gupta in the statement.
The complaint was filed in California on Wednesday. It says that Twitter, from May 2013 to September 2019, informed users it was only asking for emails and phone numbers (not displayed on profiles) for account security.
But Twitter didn't tell people that their contact information would be used to assist businesses doing targeted advertising, the filing added.
"Twitter's misrepresentations violate the FTC Act and the 2011 Order, which specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information," the filing says.
The release adds that the practice violated the "European Union-US and Swiss-US Privacy Shield Frameworks."
Those are a set of privacy requirements that, separate from the GDPR, regulated data transfers between the EU and other countries before they were invalidated in 2020. That left the whole thing in sort of legal twilight zone, but, in March, the EU and the US agreed "in principle" to a new framework — but the details haven't been finalized,, CNBC reported.
"This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue," FTC Chair Lina M. Khan said in the release.
Besides paying out the $150 million, Twitter will face what seems to be some strict measures as a result of the settlement, per the release, all of which will be supervised by the FTC and DOJ.
The social media company will have to write reports for a data privacy issue that impacts 250+ users and let US users know "options for protecting their privacy and security," if they joined Twitter before 2019.
It will also have to do a "privacy review" and write a report before putting out "any new product or service that collects users' private information," the release said.
Twitter's chief privacy officer, Damien Kieran, put out a blog post where he committed to the various measures the agencies have asked of the company and confirmed it would pay the $150 million.
"We have cooperated with the FTC every step of the way," he wrote.
"We will continue to partner with our regulators to make sure they understand how security and privacy practices at Twitter are always evolving for the better," Kieran added in a tweet.
The settlement still has to be approved in federal court, the release noted.