Twitter used account security information to lead advertisers to users
08 Oct 2019 12:00 am by Dave Perera
Microblogging platform Twitter today said it used email addresses and phone numbers provided by consumers for security purposes for advertising ends — similar to behavior that got Facebook in trouble with the Federal Trade Commission.
Twitter itself is already under a 20-year consent agreement with the FTC stemming from a 2011 complaint that the social media platform misrepresented its security and privacy measures. Under the order, it can't "misrepresent in any manner" the extent to which it protects the security and privacy of its users' private information.
Twitter said it had allowed advertisers looking to target specific individuals based on internal or third-party marketing data to verify the identities of Twitter users by using emails and phone numbers those same users provided to the social media company to protect their accounts.
Most online platforms, including Twitter, allow consumers to turn on “second-factor authentication,” meaning that when logging on, the platform sends a one-time code to a mobile phone or email account.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” Twitter said in a blog post. The company stopped the practice on Sept. 17 and doesn’t have an estimate of how many people are affected by the advertising, it also said.
Similar behavior by Facebook earned that social media company censure by the Federal Trade Commission in the agency’s July settlement ending an ongoing investigation into the company’s privacy practices.
Facebook encouraged users since May 2011 to turn on second-factor authentication by supplying a phone number. In the FTC complaint against Facebook, the agency says Facebook did not adequately disclose that those same phone numbers “would also be used by Facebook to target advertisements.”
A Twitter spokesperson didn't respond immediately to questions about how long the practice to reuse user account information for advertising purposes endured, nor whether the company has been in touch with the FTC.
14 Oct 2020 12:55 am by Jet Damazo-SantosAfter the Philippine privacy regulator issued another harsh warning against privacy violations, members of a data protection group began raising questions.
09 Oct 2020 9:17 pm by Jakub KrupaThe UK already had a high wall to climb for it to win an adequacy decision that will let it continue data flows to the EU after Brexit.
02 Oct 2020 11:00 am by Amy MillerCanadian tech companies will soon be subject to tougher privacy laws as lawmakers face intense pressure to keep pace with European privacy standards.