$150 Million Fine to Twitter Over Privacy Violations; Email and Phone for “Account Security” Used in Targeted Advertising Without User Knowledge
Tuesday, May 31, 2022
Given the ultimate fine amount of only about 13% of Twitter’s quarterly revenue, it is possible to believe that Twitter did not care all that much about the consequences of regulatory action. The amount represents just a little over a dollar for every user of the platform thought to be impacted by privacy violations; Twitter makes much more than that per user each year, let alone over the course of the multi-year breach window.
Ilia Kolochenko, Founder, CEO and Chief Architect at ImmuniWeb, provided some thoughts on why the fine amount ultimately ended up being relatively low: “The $150 million settlement is just a small fraction of the record $8 billion FTC’s settlement with Facebook in 2019, also stemming from privacy violations. Probably, Twitter’s annual revenue and profitability were taken into consideration by the FTC when calculating the amount. This settlement is, however, an unambiguous and expressive message that the FTC has been and will continue regulating privacy in the US amid the fragmented state privacy legislation and missing federal privacy law. Contrasted to GDPR in Europe or LGPD in Brazil, the FTC Act does not have direct privacy protection provisions, but is powerful to police for penalizing deceptive or unfair trade practices: when, for instance, a social network misleads its users about how their personal data will be used or protected. It is interesting whether privacy-sensitive European regulators, pursuing their harsh enforcement policy, will commence a new probe on Twitter over the possibly previously unknown facts exposed by this settlement. In the EU, the fine may be significantly higher.”
It is unclear what impact, if any, the privacy violations might have on Elon Musk’s highly publicized bid to take over the company. The sale was not set to be finalized until the end of summer at the earliest, and Musk has since shown some signs of hesitancy over the amount of bots that are populating the platform’s user base. The company’s history of breaches and privacy violations has not been raised as a potential issue, however, at least not as of yet. Musk has proposed a $44 billion price for the company, pledging $33.5 billion of his own money. But he has also “liked” and positively replied to the Twitter posts of users suggesting that the company’s valuation should be reduced given the amount of bots that appear to be masquerading as real users. Read Full Article