Twitter, the FTC, and Deceptive Practices, New Regulations

May 27, 2022 | 4 minutes read
Twitter, the FTC, and Deceptive Practices, New Regulations

On May 25, 2022, the U.S. Federal Trade Commission or the FTC for short fined communications and social media company Twitter $150 million in civil penalties for “violations of Section 5(a) of the Federal Trade Commission Act of 1914 (‘the FTC Act‘) and of a 2011 order previously issued by the FTC, for deceptively using account security data for targeted advertising.” Under the FTC Act, businesses and organizations within the U.S. are prohibited from selling products or services, or obtaining personal information from consumers through the use of deceptive, unfair, or illegal practices. To this point, businesses that fail to adhere to the law are subject to numerous penalties.

What did Twitter do to violate the law?

The violations that were imposed against Twitter in May of 2012 stem from a string of compliance that the FTC filed against the company dating back to 2010. In 2010, the FTC alleged that Twitter effectively failed to protect the personal information of the various users of its site, as hackers had been able to gain unauthorized administrative control of the social media platform. In turn, these hackers were able to access non-public user accounts and information, as well as tweets that had been designated as private. What’s more, the hackers also went so far as to send out fake tweets from legitimate users, including then-Present Barack Obama, as well as major U.S. news channel Fox News, among others.

To accomplish all this, the FTC claimed that the hackers in question used a weak and extremely common lowercase dictionary, that contained neither capital letters, nor special characters, two basic features of strong passwords. According to the FTC, these hackers were able to gain access to the social media site so easily due to various failures on the part of the company as it concerns the safeguarding of their user information and data. Most notably, the FTC claimed that Twitter had misled its users about the steps and measures that the company had taken to protect their data. In the end, the social media company reached a settlement with the FTC, including the mandatory establishment of a comprehensive information security program, among other provisions.

Despite this, the FTC has reported that Twitter failed to comply with the stipulations that were set forth in their 2011 agreement with the FTC, as the company racked up a litany of new violations between 2013 to 2019. During this period of time, the FTC alleges that the company requested a wide range of personal information from its users, including telephone numbers and email addresses, under the guise of providing said users with two-factor authentication in order to better protect their accounts. However, the FTC claims that this information was instead used for the purpose of engaging in targeted advertising, a clear violation of the FTC Act. These target ads led to millions of dollars in revenue for the company.

What are the provisions of Twitter’s new settlement with the FTC?

In addition to paying $150 million in civil penalties for violating the FTC Act, the social media company is also required to implement a variety of procedures aimed at ensuring that the information of its users remains protected from unauthorized access or disclosure. These provisions include:

While many American consumers may view privacy in the context of individual hackers or bad actors looking to pilfer their personal information, the rise of internet access and communication in the past 20 years has completed altered the landscape of privacy and data protection. As such, consumers must also be vigilant about the forms of personal information they submit when using major websites and online applications such as Twitter, as this information can also be used for nefarious purposes. With this being said, the various violations that have been made against Twitter on behalf of the FTC display the potential dangers that can occur when big businesses are not regulated with respect to their collection of personal information.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »