Twitter introduced the world to the concept of communicating with short posts. But the FTC says that doesn’t mean taking shortcuts with people’s privacy. Today, the FTC announced that Twitter must pay $150 million to settle a complaint—filed by the US Department of Justice on behalf of the FTC—that said Twitter collected user information for one purpose (to secure accounts). and used it for another (targeted ads).
According to complaintTwitter told people it was collecting users’ phone numbers and email addresses for various security purposes — like enabling multi-factor authentication (a security feature that requires additional steps beyond password login). But the FTC says Twitter didn’t tell people their information was also used to target them with ads. Today’s settlement means Twitter must put in place a comprehensive privacy and data security program to protect user data. Twitter must also disclose why and how it collects, shares and uses your personal information and provide a multi-factor authentication option that doesn’t require you to provide a phone number.
The lesson here?
- Use mmulti-factor authentication whenever possible. This helps protect your information because it makes it harder for fraudsters to access your accounts, even if they manage to steal your username and password.
- Choose forms of multi-factor authentication that do not include personal information if offered. This also protects your privacy. Look for things like authentication apps or physical tokens. If you must choose security questions, choose questions that only you know the answer to. You can also enter random answers to make guessing more difficult. However, if you do this, you will need to remember the answers you use.
- Check your privacy settings. If you don’t want to receive targeted ads, look in your privacy settings to see if you can opt out. Some platforms allow you to do this. To avoid targeted ads more broadly, check out the National Advertising Initiative and the Digital Advertising Alliance.
