On May 25, 2022, the Federal Trade Commission (FTC) announced that it, along with the Department of Justice, fined Twitter $150 million for violating a 2011 agreement the company had with the Commission. Under the 2011 FTC order, Twitter agreed that it would protect the integrity of nonpublic consumer information, including users’ phone numbers and email addresses. According to federal investigators, Twitter broke this promise.

The FTC found that Twitter requested users’ email addresses and phone numbers under the guise of protecting their accounts as part of the “two-factor authentication” method used to provide users with an additional layer of security. But rather than limit the use of users’ data for this purpose, the FTC found that Twitter used the information it received from its users to increase the company’s own profits by allowing advertisers to use that data to target advertisements towards specific users. In the FTC’s announcement, FTC Chair Lina Khan stated, “[t]his practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.”

The order proposed several corrective provisions in addition to the $150 million fine. If adopted, the order will prohibit Twitter from profiting from the data obtained in violation of the 2011 order. The new order would also require Twitter to:

  • Provide customers with alternative multi-factor authentication methods;
  • Notify users that it misused nonpublic consumer information collected for account security to target ads to them;
  • Implement and maintain a broad privacy and information security program;
  • Limit employee access to users’ personal data; and
  • Notify the FTC of any future data breaches.

To be sure, the FTC’s charge against Twitter is not surprising. The FTC previewed this issue back in October 2021 when it released findings from an FTC staff report on Internet Service Providers’ collection and use practices. The report found that even though ISPs “promise not to sell consumers personal data, they allow it to be used, transferred, and monetized by others.” The report concluded that the ISPs’ use and collection practices mirrored problems identified in other industries and emphasized the importance of regulating data collection and use. Websites using added protection to entice users to share more information should take heed to the order against Twitter. Additionally, as many tech companies have entered into consent orders with the FTC dealing with consumer protection issues, they must take appropriate measures to ensure that they are not violating those orders.


About McGuireWoods’ Government Investigations & White Collar Litigation Department
McGuireWoods’ Government Investigations & White Collar Litigation Department is a nationally recognized team of more than 80 attorneys representing Fortune 100 and other companies and individuals in civil and criminal investigations and enforcement matters at the federal and state level. The senior team consists of former federal officials, including a former deputy attorney general of the United States, former U.S. attorneys, more than a dozen federal prosecutors and an associate counsel to the president of the United States. Strategically centered in Washington, our Government Investigations & White Collar Litigation Department is recognized as an elite practice, most recently honored by Chambers USA with a highly regarded nationwide ranking for Corporate Crime & Investigations, honored twice as a White Collar Practice Group of the Year by Law360 and consistently ranked among the world’s leading investigations firms in the Global Investigations Review 100 guide to top cross-border investigations practices. The Legal 500 United States, a premier list of the country’s best law firms, also commended McGuireWoods for the “exceptional quality” of its powerhouse white collar litigation practice.