Twitter has agreed to pay a $150m fine to settle a federal privacy suit over privacy data violations.
The row saw the social company reportedly collecting phone numbers and email addresses for account security measures and then using the information for advertising purposes without letting users know.
“This practice affected more than 140 million Twitter users while boosting Twitter’s primary source of revenue,” explained Associate Attorney General Vanita Gupta in a statement.
The activity, recorded between May 2013 to September 2019, violated a 2011 consent order between the Federal Trade Commission (FTC) and Twitter that prevented the company from misrepresenting how it used individuals’ contact information.
The complaint, filed by the U.S. District Court for the Northern District of California on Wednesday, also alleged that Twitter falsely claimed to comply with the European Union-US and Swiss-US Privacy Shield Frameworks.
“The Department of Justice (DoJ) is committed to protecting the privacy of consumers’ sensitive data,” Gupta added.
“The $150m penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy.”
The social media giant said it will comply with the court’s decision, pay the fine and introduce a comprehensive privacy and information security program, which will include independent security audits every two years until 2042.
Further, Twitter will have to notify all US customers who joined its platform before September 17 2019 about the settlement and provide them with options for protecting their privacy and security in the future.
“Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” said U.S. Attorney Stephanie M. Hinds for the Northern District of California.
“Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.”
The ruling comes amid Elon Musk’s takeover of Twitter, which is sure to come with a fair amount of cybersecurity implications.