Twitter agreed to pay $150 million to settle a federal charge that it illegally used personal information of people over six years in order to sell targeted ads.

The Federal Trade Commission and Department of Justice claim that Twitter broke an agreement it made with regulators in 2011. In this agreement, Twitter promised not to use user information for security purposes like their phone numbers or email addresses to target advertisers with ads.

Federal investigators claim that Twitter violated this promise.

Lina Khan, FTC Chair, stated that Twitter had obtained user data under the pretense of security but used the data to target users.

Twitter requires that users provide an email address and a phone number in order to authenticate their accounts. This information is used to reset passwords or unlock accounts if they are blocked by the company for suspicious activity.

Twitter used that information until September 2019 to increase its advertising business. It allowed advertisers access to phone numbers and emails of users. This was against the terms of an agreement that the company had made with regulators.

Sam Levine, the head of the FTC’s Bureau of Consumer Protection, said, “If you tell people that you’re using their phones to secure their accounts and then you use them again for other purposes, then you’re deceiving and breaking the law.”

Federal prosecutors say that this information was provided by more than 140 million Twitter users based on “Twitter’s deceptive statements”.

U.S. Attorney Stephanie Hinds, Northern District of California stated that consumers who share private information have the right to find out if it is being used to target customers.

Damien Kieran (chief privacy officer at Twitter) acknowledged that some users’ personal data may have been used inadvertently for advertising purposes in a blog posting.

He stated that the company no longer sells information collected for security purposes to advertisers.

Kieran wrote that “Keeping data secure is something we take very seriously and we have cooperated every step of the FTC.”

Twitter has agreed to cease profiting from security information collected under a proposal agreement. The court still has to approve the deal. It would also limit employee access to personal data of users.

This action is reminiscent of a large settlement with FTC in 2019, which included a $5Billion fine against Facebook. In that settlement, the social media giant agreed to cease sharing information it obtained for security purposes with advertisers.

The FTC’s agreement with Twitter stipulates that regulators and an independent monitor will oversee the company’s advertising practices over the next two decades.

Justin Brookman, Consumer Reports’ director of Technology Policy, stated that as the regulators crack down on targeted ads companies like Twitter, which have relied on tracking tools for years, could face trouble.

Brookman stated that “we’re seeing a confluence regulators but also browsers/operating systems cut down cookies and cut down a lot on a lot a tools companies use to track individuals across services.” Brookman stated that in certain respects, many of these tools will disappear and that companies will have to find new revenue streams. The days of targeted ads printing money are over.

Twitter is in a difficult time right now, so the settlement was a surprise.