United States of America: Approved FTC final order imposing a USD 150 million penalty on Twitter for misuse of account security data

On 26 May 2022, the United States District Court Northern District of California approved the Federal Trade Commission (FTC) final order in the case against Twitter over misuse of account security data. The final order imposes a USD 150 million penalty, prohibits Twitter from profiting from deceptively collected data, requires to notify affected users and develop a comprehensive privacy program subject to regular assessments. In its complaint, FTC stated that since 2013, Twitter collected user data, including phone numbers and email addresses, claiming to use it only for the protection of user accounts. However, the FTC found that Twitter gave access to this data on over 140 million users to advertisers, to be used to target users with advertisements. The FTC qualifies this deception by Twitter as a misrepresentation of its privacy and security practice, which is in violation of a 2011 FTC order.