Twitter Inc has agreed to pay $150 million to settle allegations it misused private information, like phone numbers, to target advertising after telling users the information would be used for security reasons, according to court documents filed on Wednesday.
Twitter’s settlement covers allegations that it misrepresented the “security and privacy” of user data between May 2013 and September 2019, according to the court documents.
The company will pay $150 million as part of the settlement announced by the Justice Department and the Federal Trade Commission (FTC). In addition to the monetary settlement, the agreement requires Twitter to improve its compliance practices.
The complaint said that the misrepresentations violated the FTC Act and a 2011 settlement with the agency.
“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint said.
Twitter’s chief privacy officer, Damien Kieran, said in a statement that with the settlement “we have aligned with the agency on operational updates and program enhancements” to protect user privacy and security.
Twitter is a free service that makes money primarily through advertising. Billionaire Elon Musk, who is buying the service for $44 billion, has criticized its ads-driven business model and pledged to diversify its revenue sources.
“If Twitter was not truthful here, what else is not true? This is very concerning news,” Musk said in a tweet late on Wednesday, commenting on the social media company’s ad practices and the fine.
U.S. officials pointed out that of the $3.4 billion in revenue that Twitter earned in 2019, about $3 billion was from advertising.
The company made $5 billion in revenue for 2021. It said in a filing earlier this month that it had put aside $150 million after agreeing “in principle” upon a penalty with the FTC.
“Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads,” said FTC Chair Lina Khan in a statement. “This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”
The complaint also alleges that Twitter falsely said it complied with the European Union-U.S. and Swiss-U.S. Privacy Shield Frameworks, which bar companies from using data in ways that consumers do not authorize.
Twitter’s settlement follows years of fallout over the privacy practices of tech companies.
Revelations in 2018 that Facebook, the world’s biggest social network, was using phone numbers provided for two-factor authentication to serve ads enraged privacy advocates.
Facebook, now called Meta, similarly settled with the FTC over the issue as part of a $5 billion agreement reached in 2019.