Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Twitter used account security information to lead advertisers to users
08 October 2019 00:00
Microblogging platform Twitter today said it used email addresses and phone numbers provided by consumers for security purposes for advertising ends — similar to behavior that got Facebook in trouble with the Federal Trade Commission.
Twitter itself is already under a 20-year consent agreement with the FTC stemming from a 2011 complaint that the social media platform misrepresented its security and privacy measures. Under the order, it can't "misrepresent in any manner" the extent to which it protects the security and privacy of its users' private information.
Twitter said it had allowed advertisers looking to target specific individuals based on internal or third-party marketing data to verify the identities of Twitter users by using emails and phone numbers those same users provided to the social media company to protect their accounts.
Most online platforms, including Twitter, allow consumers to turn on “second-factor authentication,” meaning that when logging on, the platform sends a one-time code to a mobile phone or email account.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize,” Twitter said in a blog post. The company stopped the practice on Sept. 17 and doesn’t have an estimate of how many people are affected by the advertising, it also said.
Similar behavior by Facebook earned that social media company censure by the Federal Trade Commission in the agency’s July settlement ending an ongoing investigation into the company’s privacy practices.
Facebook encouraged users since May 2011 to turn on second-factor authentication by supplying a phone number. In the FTC complaint against Facebook, the agency says Facebook did not adequately disclose that those same phone numbers “would also be used by Facebook to target advertisements.”
A Twitter spokesperson didn't respond immediately to questions about how long the practice to reuse user account information for advertising purposes endured, nor whether the company has been in touch with the FTC.
24 June 2022 06:27 by Laurel HenningStanding between insurers and the unimpeded use of data collected by a smart watch is industry regulation
23 June 2022 15:37 by Sam ClarkEU-based websites mustn't use Google Analytics because of rules against transferring personal data to the US, the Italian privacy watchdog ruled.