The Federal Trade Commission is taking action against Twitter, Inc. for deceptively using account security data for targeted advertising.
More on the story here: https://www.ftc.gov/news-events/news/press-releases/2022/05/ftc-charges-twitter-deceptively-using-account-security-data-sell-targeted-ads
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The $150 million settlement is just a small fraction of the record $8 billion FTC’s settlement with Facebook in 2019, also stemming from privacy violations. Probably, Twitter’s annual revenue and profitability were taken into consideration by the FTC when calculating the amount.
This settlement is, however, an unambiguous and expressive message that the FTC has been and will continue regulating privacy in the US amid the fragmented state privacy legislation and missing federal privacy law. Contrasted to GDPR in Europe or LGPD in Brazil, the FTC Act does not have direct privacy protection provisions, but is powerful to police for penalizing deceptive or unfair trade practices: when, for instance, a social network misleads its users about how their personal data will be used or protected.
It is interesting whether privacy-sensitive European regulators, pursuing their harsh enforcement policy, will commence a new probe on Twitter over the possibly previously unknown facts exposed by this settlement. In the EU, the fine may be significantly higher.