The hits keep coming to Twitter headquarters.
This week, Twitter has agreed to pay a $150 million settlement to the FTC about a past misuse of user data, which saw information submitted for personal identification confirmation in error and then used in Twitter’s ad targeting efforts.
as explained by Twitter:
“On May 25, 2022, Twitter reached a settlement with the Federal Trade Commission (FTC) regarding a disclosed privacy incident in 2019 when certain email addresses and phone numbers provided for account security purposes may have been inadvertently used. for advertising purposes. This issue was resolved on September 17, 2019, and today we want to reiterate the work we will continue to do to protect the privacy and security of people who use Twitter.
The issue, as Twitter notes, became public knowledge in 2019, when Twitter revealed that it had used submitted information for account security checks as part of its data targeting process.
Twitter disclosed the first finding in its third quarter 2019 results, in which it noted that fixing this item would impact its overall revenue performance.
As Twitter CFO Ned Segal explained at the time:
“We ask people a series of questions before putting you on a timeline when you’re new to Twitter. Among the questions we ask, we ask if we can use your device settings to determine the best advertisements to show you. Turns out this setting wasn’t working as expected and we were using the device settings even though people told us not to. So when we found out about this, first we tweeted about it, which we often do to try to be transparent with people when things don’t work out as expected. And second, we disabled the setting to work as expected. This negatively impacts revenue because it’s one less input you have when determining which ads to show people. So instead of having a partial quarterly impact, you get a full quarterly impact in the fourth quarter. »
So, essentially, Twitter’s system was not respecting user privacy entries, and this flaw had been in place for six years, between 2013 and 2019.
Which is a significant breach of privacy, hence the FTC’s $150 million fine.
According to the FTC announcement:
“Twitter asked users to give out their phone numbers and email addresses to protect their accounts. The company then took advantage by allowing advertisers to use this data to target specific users. Twitter’s disappointment violates a 2011 FTC order which explicitly prohibits the company from misrepresenting its privacy and security practices.”
Although the case itself is not new and the flaw at the heart of the problem has been resolved, it is another blow for Twitter, which is in the midst of a cost-cutting campaign as it struggles to meet its own challenging revenue and growth. targets, while navigating a hostile Elon Musk takeover.
Twitter had factored this fine into its forecast, so the hit won’t be as big as it looks, but even so, $150 million is a lot to get off its books – even if it will open the way for a new era if/when Musk takes over the app.
Which always seems like a “when,” despite Musk’s protests about the platform’s number of fake profiles and other transparency issues.
Whatever happens next helps clear up Twitter’s ledger, as the FTC fine had been hanging over it for nearly three years.
The case also underscores, once again, that even a relatively minor flaw like this can have a big impact when you operate at the scale of social platforms. A small error with a few hundred people is a problem, but when it affects millions of people, the scope of that problem is greatly magnified.
And there may be other flaws yet to be found – although Twitter says it has since implemented a series of controls and processes to ensure it no longer misuses user data. .