Twitter revealed on Monday that it could face up to a $250 million fine from the Federal Trade Commission (FTC) for its use of user personal information that users provided believing it would be used for security purposes but was instead used for targeted advertising. Users provided their phone numbers and email addresses
Twitter disclosed this information with the Securities and Exchange Commission (SEC) in its second-quarter 10-Q financial filing. Twitter stated that it received a draft complaint on July 28, from the FTC, “alleging violations of the Company’s 2011 consent order with the FTC and the FTC Act.” Moreover, the “allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019. The Company estimates that the range of probable loss in this matter is $150.0 million to $250.0 million and has recorded an accrual of $150.0 million… The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.” The 2011 consent order required Twitter to create and maintain a complete information security program, which will be audited every other year for ten years and it prohibited the company from misleading consumers regarding its security and privacy practices for 20 years. Each violation of the order could result in a civil penalty of up to $16,000.
Twitter disclosed this practice last year, claiming it was performed “inadvertently” and “an error.” The FTC alleged that Twitter misled consumers because it failed to inform users that their information may be used this way.
This is the latest trouble to Twitter, after the social media company fell victim to a large-scale hack in July.