Social Media Company to Pay $150 Million to Settle Data Privacy Violations
Commentary by Ilan T. Graff
The DOJ, on behalf of the FTC, settled an action (see announcements here and here) against Twitter for misrepresenting the extent to which it maintained and protected the security and privacy of users' nonpublic contact information.
In its Complaint filed in the United States District Court, Northern District of California, the DOJ alleged that Twitter collected user phone numbers and email addresses to strengthen account security, but failed to disclose that it provided that information to advertisers to help them reach preferred audiences through targeted ads.
Twitter was found to have violated Section 5(a) ("Unfair methods of competition unlawful; prevention by Commission") of the Federal Trade Commission Act, as well as a previous 2011 FTC Order prohibiting it from misrepresenting its privacy and security practices.
To settle the charges, Twitter agreed to (i) pay a civil penalty of $150 million and (ii) additional undertakings to overhaul and implement a new compliance system intended to ensure the company improves its data privacy practices.
Commentary
The resolution follows closely on the heels of DOJ's recent cybersecurity enforcement announcement (see previous coverage here) and reflects the Department's continued emphasis on institutional data privacy accountability (see also the Deputy Attorney General's October 2021 announcement of DOJ's Civil Cyber-Fraud Initiative).