Twitter may face soon face fines of up to $250 million for privacy data violations from the Federal Trade Commission.
The company received a draft complaint from the commission on July 28, alleging that the company has used phone numbers and email addresses provided for safety and security purposes, such as two-factor authentications, to target ads, in a violation of a 2011 agreement of the company with the commission.
The company admitted to the practice last October, calling it an “error,” according to Twitter’s help page. The company maintains that no personal data was shared externally with its partners or with any third parties and that it has since remedied the mistake.
Twitter said in a company filing that “the matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome.” The company could face fines of anywhere between $150 million to $250 million.
Twitter has had its fair share of data privacy issues, including a shocking recent hack of 130 accounts, including those of President Donald J. Trump and former president Barack Obama. The agreement that Twitter is alleged to have violated forbids Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information” for 20 years, according to a statement. 
Stephanie Liu is assistant editor of Internal Audit 360°