Twitter to Pay $150M Settlement in Privacy Violation Case

pcmag.com:

Twitter agreed to pay $150 million and implement new compliance measures following allegations that the social network misrepresented how it used the private contact information of its users.

According to a complaint(Opens in a new window) by the Department of Justice, between May 2013 and September 2019 Twitter told users it collected telephone numbers and email addresses for security purposes, but failed to disclose the data would also be used for targeted ads.

The DOJ also alleged that Twitter falsely claimed to comply with the European Union-US and Swiss-US Privacy Shield Frameworks, which prohibit companies from processing user information in ways not compatible with their authorized purposes.

"The Department of Justice is committed to protecting the privacy of consumers' sensitive data," Associate Attorney General Vanita Gupta said in a statement(Opens in a new window). "The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed […] will help prevent further misleading tactics that threaten users' privacy."

Going forward, Twitter will be required to develop and maintain a comprehensive privacy and information-security program; conduct a privacy review (with written report) before implementing any new product or service that collects personal information; and conduct regular tests of data privacy safeguards—to be assessed independently.

The settlement, agreed by the Department of Justice and Federal Trade Commission, must be approved by a federal court before Twitter faces any civil penalties. If signed off, the social media platform is also obligated to provide annual certifications of compliance from a senior officer, submit a