Twitter will pay a $US150 million ($211 million) penalty and put in new safeguards to settle federal regulators’ allegations the social platform failed to protect the privacy of users’ data over a six-year span.
The Justice Department and the Federal Trade Commission announced the settlement with Twitter on Wednesday.
The regulators allege Twitter violated a 2011 FTC order by deceiving users about how well it maintained and protected the privacy and security of their non-public contact information.
From May 2013 to September 2019, Twitter told users it was collecting their phone numbers and email addresses for purposes of account security.
But it failed to disclose it would also use the information to enable companies to send targeted online ads to users on the platform, the government alleged.
The regulators also alleged, in a federal lawsuit filed on Wednesday, that Twitter falsely claimed it complied with US privacy agreements with the European Union and Switzerland, which prohibit companies from processing user information in ways that are at odds with purposes authorised by users.
“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” FTC Chair Lina Khan said in a statement.
“This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The San Francisco-based company has more than 229 million users around the world.
The $US150 million penalty and the required new compliance measures under the settlement must be approved by a federal court in California.
The FTC’s 2011 order had alleged serious lapses in Twitter’s data security that allowed hackers to gain unauthorised administrative control of the platform, including access to non-public user information.
“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Twitter’s chief privacy officer Damien Kieran said in a blog post on Wednesday.
He said the company has taken steps in accord with the FTC on updating operations and making other improvements “to ensure that people’s personal data remains secure and their privacy protected”.
Twitter announced in November the formation of a new data governance committee within the company.
Word of the settlement came on the day of Twitter’s annual shareholders meeting.
The drama of Tesla billionaire Elon Musk’s proposed $US44 billion ($A62 billion) purchase of the firm has swirled for weeks.
Musk, who is one of Twitter’s largest shareholders, on Wednesday revised the financing plan for his proposed takeover, raising investor hopes he still intends to pull off the deal.
Some experts fear Musk would relax content-moderation rules that offer some protection against abuse including white supremacy, hate speech and threats of violence on Twitter.