The Department of Justice and the Federal Trade Commission (FTC) announced a deal that will require Twitter Inc. to pay $150 million in civil penalties and install comprehensive compliance procedures to protect users' data privacy if it is authorized by a federal court.

The agreement is expected to resolve accusations that Twitter misrepresented how it will use users' nonpublic contact information, in violation of the FTC Act and an administrative order issued by the FTC in 2011.

The government claims that Twitter violated the FTC Act and the 2011 order by misleading users about the extent to which Twitter maintained and protected users' nonpublic contact information in a complaint filed at the US District Court for the Northern District of California.

From May 2013 until September 2019, Twitter allegedly told its users that it was collecting their phone numbers and email addresses for account security purposes, but failed to disclose that it was also using the information to help corporations send tailored adverts to customers.

According to the lawsuit, Twitter falsely claimed to comply with the European Union-US and Swiss-US Privacy Shield Frameworks, which restrict corporations from using user information for purposes other than those permitted by the users.

Vanita Gupta, Associate Attorney General states, “The Department of Justice is committed to protecting the privacy of consumers’ sensitive data. The $150 million penalty reflects the seriousness of the allegations against Twitter, and the substantial new compliance measures to be imposed as a result of today’s proposed settlement will help prevent further misleading tactics that threaten users’ privacy”.

Twitter has agreed to pay a $150 million civil penalty and install significant new compliance procedures to ensure that it changes its data privacy policies in response to the government's charges.

Twitter, for example, will be required to create and maintain a comprehensive privacy and information-security program, conduct a privacy review with a written report prior to launching any new product or service that collects users' personal information, and test its data privacy safeguards on a regular basis.

Twitter will also be required to have an independent assessor perform regular assessments of its data privacy program, provide annual compliance certifications from a senior officer, provide reports after any data privacy incidents affecting 250 or more users, and comply with numerous other reporting and record-keeping requirements.

The settlement also requires Twitter to notify all U.S. customers who joined Twitter before September 17, 2019, of the settlement and to give them privacy and security options. The Department of Justice and the Federal Trade Commission will separately be responsible for monitoring and enforcing Twitter's compliance under the conditions of the settlement.

“As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue”, states FTC Chair Lina M. Khan.

"Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” states U.S. Attorney Stephanie M. Hinds for the Northern District of California. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable".