Social network Twitter has been issued with a hefty $150 million fine for violating one of the golden tenets of user privacy: misusing customer information provided to them explicitly for the purposes of security.
We – along with almost every other online privacy & security website – are always advocating for two-factor authentication (2FA) to help protect your online accounts. It provides an extra layer of security: if crooks manage to get hold of your password, they still can't access your account without an extra PIN that is sent to your phone or email, or provided by an authenticator app.
Most platforms – including Twitter – offer 2FA, and many actively encourage users to enter their phone number as a means to help protect their account.
But it’s reasonable to assume that this information isn’t going to be treated in the same way as other information you offer up to social networks. Yes, if you voluntarily provide free-to-use social networks with data about yourself, there is an expectation that that data goes to targeted advertising. It is, after all, how social networks make money.
However, if a social network urges (or forces) a user to enter contact information on the pretext of protecting their account, then likewise there should be a reasonable expectation that that information won’t be used to target the user with advertisements. Such information is offered to secure your account. Not as another way for social networks to make money off of their users.
It turns out that back in 2011 Twitter agreed to this basic principle with the FTC, and signed an agreement that they would not do this. And then that’s exactly what they did.
FTC Chair Lina M. Khan said –
Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter’s primary source of revenue.
Twitter are not the first company to get into trouble for this. And it’s probably not a surprise who the other company was. Yes, Facebook.
Twitter told the FTC that they stopped misusing customer data in this way back in 2019, but that wasn’t enough to prevent them getting slapped with a $150 million fine.
The problem with treating data provided for the purposes of security in this manner is that it undermines one of the most effective ways of protecting your account. Users will be less likely to offer their phone number as a way of implementing 2FA if they believe that data will be used for the purposes of advertising.
That doesn’t mean you should shy away from doing it, though. 2FA is an incredibly powerful way of protecting you against most types of phishing attacks, and you don’t have to provide your phone number to implement 2FA. We always recommend using an authenticator app, which generates a code for you to enter instead of needing to have one sent to your phone.