Twitter Expects to Pay 9-Figure Fine for Violating FTC Agreement

Jack Dorsey speaks during a press event at CES 2019 - Getty-H 2019
Getty Images

The company says that it estimates a "range of probable loss" between $150 million and $250 million.

Twitter says that it has received a draft complaint from the Federal Trade Commission alleging that the company violated its 2011 consent order from the commission.

The company says that it estimates a “range of probable loss” between $150 million and $250 million and has accordingly recorded an accrual of $150 million relating to the matter.

In its quarterly 10-Q report, the company says that “the allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019.”

That means that the complaint is not related to last month’s high-profile hack of prominent accounts on the service. That security incident saw accounts from the likes of Joe Biden and Elon Musk ask followers to send them bitcoin. A suspect was arrested in the incident last month.

Rather, the complaint is likely related to a matter the company disclosed last year, when it revealed that user phone numbers and email addresses that had been provided for the purposes of two-factor authentication were also used for ad targeting purposes.

In a statement to The Hollywood Reporter, a Twitter spokesperson said, "Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order. Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3."

Under the terms of the 2011 FTC agreement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers."

The company also agreed to build and maintain an information security program to be assessed by an independent auditor for 10 years after the agreement.