The Federal Trade Commission is charging Twitter for "deceptively" using security data — the phone numbers and emails it asked users to input to secure their accounts — to actually target ads to them, the agency announced Wednesday. The FTC will require that the company pay $150 million.
Under an order proposed by the FTC and the Department of Justice, Twitter will also be prohibited from "profiting from its deceptively collected data," the FTC said in a press release. The agency alleges that Twitter asked users to give the company their phone numbers and email addresses to protect their accounts, then gave the data to advertisers for targeted ads.
"Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," FTC Chair Lina Khan said in a statement. "This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue."
The practice violates a 2011 order from the FTC, in which Twitter was banned from "misrepresenting its privacy and security practices," the FTC said. The original order alleged that pitfalls in the company’s data security gave hackers to access to have unauthorized administrative control of Twitter, and that the app "deceived consumers and put their privacy at risk."
Facebook got in trouble with the FTC under similar circumstances in 2019, settling with the agency for a historic fine of $5 billion. Though the fine was for a litany of charges, one part of the order prohibited the company from using telephone numbers obtained to enable two-factor authentication for advertising.
“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” U.S. Attorney Stephanie M. Hinds for the Northern District of California said in a statement. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”