“This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue,” FTC Chair Lina Khan said in a statement.
Twitter said Wednesday that the use of the personal information for ads was “inadvertent,” and that the incident was first disclosed in 2019.
In its alleged misconduct, Twitter only ever told users that their phone numbers and email addresses were being used for account security purposes, but failed to mention advertising, according to a copy of the complaint viewed by CNN.
“From at least May 2013 until at least September 2019, Twitter misrepresented to users of its online communication service the extent to which it maintained and protected the security and privacy of their nonpublic contact information,” the complaint said.
“Twitter’s misrepresentations violate the FTC Act and the 2011 Order, which specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information,” the complaint said.
In addition to the $150 million penalty, the new proposed agreement between Twitter and the FTC to settle Wednesday’s allegations also bars the company from profiting off of what the FTC described as “deceptively collected data” and to allow for user authentication methods other than phone numbers, such as multi-factor authentication apps. The company will also be required to inform users about its failure to disclose its alleged practice of using contact information for advertising purposes.
Wednesday’s settlement must still be approved by the court.