Twitter is bracing for a US$250 million fine from US regulators for using the phone numbers provided by its users for security to target them with ads. The social platform disclosed the practice in October last year and claims it was done “inadvertently” but can not say how many users have been affected.

In documents filed to the US Securities and Exchange Commission last week, Twitter revealed it has set aside US$150 million for a potential fine from the Federal Trade Commission for alleged breaches of a 2011 order from the regulator to no longer mislead consumers about how it protects their personal information – a 10-year agreement stemming from Twitter’s failure to protect user data in 2009.

Twitter says the FTC sent a draft complaint on July 28th alleging the company used phone numbers and/or email address data provided for safety and security purposes like two-factor authentication for targeted advertising between 2013 and 2019.

The social media platform expects the fine to be significant, saying the “range of probable loss in this matter is $150 million to $250 million”. 

“The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome,” Twitter’s SEC filing says.

The FTC confirmed to The Verge it has an “open investigation of Twitter”.

Twitter disclosed it had “inadvertently” used phone numbers and email addresses for targeted advertising in a blog post in October 2019 shortly after they discovered the “error”. 

Two of the company’s advertising systems, Tailored Audiences and Partner Audiences, were able to use the phone and email data, allowing advertisers to find and target people they already had the email or phone data of, either through their own data sets or via third parties’ lists.

Twitter says it addressed the issue when discovered and no personal data was shared with third parties but it can not say how many people may have been impacted.

The blog post says: “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologise.”

Previous post

How Beyond Blue spun up its coronavirus support service in 8 days

Next post

Uncertainty around costs, skills and data sovereignty is holding Cloud back in government