Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Twitter Risks Fines, Musk Liability for Potential Data Lapses

Nov. 14, 2022, 10:04 AM

Twitter Inc.‘s wave of executive turnover risks bringing a fine for the company and personal liability for new owner Elon Musk over potential data privacy and security lapses.

The social platform is subject to ongoing scrutiny from the Federal Trade Commission as part of an earlier enforcement deal reached over previous issues with protecting user data. If Twitter is found to breach the deal, the FTC could seek hefty financial penalties and impose compliance restrictions on Musk himself, according to former regulators.

An agency spokesperson said the commission is tracking recent developments at Twitter with “deep concern,” after the company’s chief information security officer, chief privacy officer, and chief compliance officer resigned. As part of an agreement with the commission, Twitter must designate an executive or team responsible for decisions related to users’ personal information. Twitter didn’t immediately respond to an emailed request for comment on whether the roles would be refilled.

“The FTC is rightly concerned about access to personal data and Twitter’s ability to control its own platform,” said David Vladeck, a law professor at Georgetown University who led the agency’s consumer protection bureau at the time of Twitter’s 2011 consent decree.

Musk announced widespread firings at the company soon after he took over. The sharply scaled-down staff may struggle to deal with security threats, Alex Stamos, former chief security officer of Facebook, said in a tweet.

Regulatory Risks

Twitter agreed in May to pay $150 million to settle more recent FTC allegations that phone numbers collected for security purposes were used for advertising, in violation of the previous regulatory order.

Such penalties are calculated according to how many people were harmed, meaning a possible new fine against Twitter could reach billions of dollars due to the size of its user base.

“If a lot of users are affected, you get a lot of zeros,” said William Kovacic, a former FTC commissioner and current law professor at George Washington University.

The commission also could seek to name Musk in a potential enforcement action, putting him on the hook to ensure compliance or pay penalties for noncompliance.

In a recent enforcement action brought over a data breach at alcohol delivery company Drizly Inc., the FTC made security compliance measures apply personally to the chief executive officer and follow the CEO even if he leaves the company.

“Following the Drizly matter, we can expect to see more consent orders that bind CEOs personally,” said Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory. Pfefferkorn formerly served as outside counsel at Twitter, though she said her perspective on the company’s current situation isn’t connected to that role.

The FTC may already be looking into Twitter in relation to a whistleblower complaint from a former head of security that criticized the platform’s data management. Given those high-profile allegations, “it seems likely somebody at the FTC was already keeping an eagle eye on Twitter,” Pfefferkorn said in an email.

To contact the reporter on this story: Andrea Vittorio in Washington at

To contact the editors responsible for this story: Adam M. Taylor at; Jay-Anne B. Casuga at; Cheryl Saenz at