After law enforcement officials accused Twitter of illegally utilizing users' data to help sell targeted adverts, the company was fined $150 million (£119 million) in the United States.
According to court records, the Federal Trade Commission (FTC) and the Department of Justice claim that Twitter broke a contract with regulators.
Twitter has previously stated that it would not provide advertisers with personal information such as phone numbers and email addresses.
According to federal authorities, the social media company violated the rules.
In December 2020, Twitter was fined £400,000 for violating the GDPR data privacy standards in Europe.
The Federal Trade Commission (FTC) is an independent US government organization tasked with enforcing antitrust laws and promoting consumer protection.
Twitter is accused of violating a 2011 FTC injunction prohibiting the corporation from misrepresenting its privacy and security procedures.
External sites are not under the control of the BBC.
Visit Twitter to see the original tweet.
Advertising on Twitter's platform, which lets users ranging from consumers to celebrities to corporations post-280-character messages, or tweets, generates the majority of the company's revenue.
Twitter began requesting users for a phone number or email address in 2013 to strengthen account security, according to a lawsuit filed by the Department of Justice on behalf of the FTC.
ICYMI: FTC charges @Twitter with deceptively using account security data to sell targeted ads. FTC and @DOJCivil order Twitter to pay $150 million penalty for violating 2011 FTC order and cease profiting from deceptively collected data: https://t.co/QRWi25K2vo
— FTC (@FTC) May 26, 2022
Authentication violation
"Once again, Twitter is breaking the confidence that their users have in their platform by utilizing their private information to their own advantage and raising their own revenue," Ian Reynolds, managing director of computer security firm Secure Team, told the BBC.
"Twitter misled their customers into a false feeling of security by gathering their data under the guise of security and account protection, but eventually ended up exploiting the data to target their users with adverts," he continued.
"This reality demonstrates the power that corporations still wield over your data and that there is still a long way to go before people can feel confident in their ability to fully control their digital footprint."
Twitter needs users to submit a phone number and an email address in order to verify their accounts.
People can use this information to reset their passwords and unlock their accounts if necessary, as well as enable two-factor authentication.
People can use this information to reset their passwords and unlock their accounts if necessary, as well as enable two-factor authentication.
Two-factor authentication adds an extra layer of security by sending a code to a phone number or email address in addition to a username and password to allow users to connect to Twitter.
According to the FTC, Twitter was also using the information to improve its advertising business until at least September 2019.
Advertisers are accused of having access to users' security information.
In addition to the monetary penalty, Twitter must:
- Stop utilizing the phone numbers and emails it obtained illegally.
- Notify users of the company's unauthorized use of security information.
- Inform users about the FTC's legal action.
- explain how to disable personalized ads and double-check multi-factor authentication settings
- Provide methods for multi-factor authentication that don't require a phone number.
- Implement a stronger privacy and security program that involves notifying the FTC of events within 30 days.