It’s FTC 101. Companies can’t tell consumers they will use their personal information for one purpose and then use it for another. But according to the FTC, that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their accounts, but then also used it to serve targeted ads for Twitter’s financial benefit. It wasn’t Twitter’s first alleged violation of the FTC Act, but this one will cost the company $150 million in civil penalties.
The story starts with the FTC’s 2010 complaint against Twitter. In that case, Twitter told users that users could control who had access to their tweets and that their private messages could be viewed only by recipients. But according to the FTC, Twitter didn’t have reasonable safeguards to ensure users’ choices were honored. The 2010 complaint cited multiple instances in which Twitter’s actions – and inactions – led to unauthorized access of users’ personal information. To settle that case, the company agreed to an order that became final in 2011 that would impose substantial financial penalties if it further misrepresented “the extent to which [Twitter] maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information.”
The just-announced $150 million civil penalty stems from a new complaint filed by the Department of Justice on behalf of the FTC, alleging that Twitter violated the order in the earlier case by collecting customers’ personal information for the stated purpose of security and then exploiting it commercially. You’ll want to read the complaint for the details, but here’s how the FTC says Twitter deceived its customers.
From May 2013 through September 2019, Twitter…
EU court lowers requirements for imposing fines for data protection breaches
The European Court of Justice issued a landmark ruling on Tuesday (5 December) that is set…