technologyTechnology · 2022

Twitter Inc.

Twitter was fined $150 million for violating a 2011 FTC consent order by using phone numbers and email addresses that users had provided for two-factor authentication security purposes to deliver targeted advertising through its Tailored Audiences programme between 2014 and 2019. The FTC found Twitter had explicitly told users the data was collected solely for account security while simultaneously monetising it for advertising targeting. The settlement also required a comprehensive privacy and information security programme with independent biennial audits.

Fine Imposed€138M

Authority

FTC-US

Regulation

FTC Act Section 5 — Unfair or Deceptive Acts or Practices

Max fine$51,744 per violation per day for post-order violations; initial enforcement via consent orders without direct fines

Statusactive

Key Takeaways

Collecting personal data for one stated purpose (account security) while using it for another (advertising) constitutes FTC Act deception regardless of technical policy compliance — dual-use of security data is a clear consent violation and repeat consent order breach.