Bloomberg Law
May 25, 2022, 10:36 PM

Twitter Agrees to Pay $150 Million to Settle FTC Data Probe (2)

Leah Nylen
Leah Nylen
Bloomberg News

Twitter has agreed to pay $150 million to settle allegations by the US Federal Trade Commission that it misused users’ phone numbers uploaded for security purposes to target advertising, according to court filings Wednesday.

Twitter’s use of the phone numbers breached a 2011 consent decree with the FTC in which the social media platform agreed to better protect users’ personal data, according to a complaint filed by the Justice Department on behalf of the agency. The complaint also alleges that Twitter falsely claimed it had complied with user privacy protections under EU-US data transfer agreements.

The FTC lacks the authority to fine companies for a first violation, but can impose penalties for subsequent privacy breaches.

The social media company joins Alphabet Inc.’s Google and Meta Platforms Inc.’s Facebook among those sanctioned by the FTC for repeat privacy violations.

“Keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way,” Damien Kieran, chief privacy officer at Twitter, said in a blog post. The company has “aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure and their privacy protected,” he said.

Twitter’s settlement comes as billionaire Elon Musk is raising questions about the number of automated bots and fake accounts on the platform, sparking speculation he may try to walk away from his $44 billion offer to buy the company.

For more: Why Elon Musk and Twitter CEO Are Sparring Over Bots: QuickTake

Twitter’s 2011 settlement with the FTC barred the company for 20 years from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.” That agreement sprang from a 2009 hack of the social media platform that allowed intruders to send out phony messages from any account, among other issues.

From at least May 2013 until at least September 2019, Twitter misrepresented to users of its online communication service the extent to which it maintained and protected the security and privacy of their nonpublic contact information, according to the complaint.

The case is US v Twitter, 22-cv-03070, U.S. District Court Northern District of California (San Francisco).

(Updates with comments from company in the fifth paragraph.)

--With assistance from Peter Blumberg.

To contact the reporter on this story:
Leah Nylen in Washington at

To contact the editors responsible for this story:
Sara Forden at

Andrew Pollack

© 2022 Bloomberg L.P. All rights reserved. Used with permission.