Why Twitter's $150M Fine is a Massive Blow to Privacy and User Data Security
In an already turbulent time for the social media giant, Twitter’s stock price took another blow yesterday when it was announced that the company would be fined $150 million for its poor handling of user data in the Cambridge Analytica scandal.
The fine, imposed by the FTC (Federal Trade Commission), is a result of a violation of a consent agreement reached between the regulator and social media platform back in 2012.
The original agreement outlined that Twitter could not give user data to third-party developers without first getting users to agree to such sharing of information. Unfortunately, it appears that no such measures were put into place until six years later.
Although this is certainly only one more drop in the bucket for Twitter – which has been struggling over recent months – fortunately, there are some takeaways we can all learn from this unfortunate situation: privacy and user data security are never something to take lightly.
Twitter's $150M Fine Is a Blow to User
The fine is a massive blow to user privacy and security because it illustrates that the social media giant, as well as its parent company, is taking a lax approach to data protection and user privacy, particularly in light of all of the recent changes to its privacy policies.
This fine is only the latest in a series of privacy and security-related missteps by Twitter, including the recent decision to change its default setting to "public" – which means that all tweets are viewable by anyone, even if one does not have a Twitter account.
Given the fact that many Twitter users are journalists, government officials, and other people whose tweets are crucial to their professional lives, this change posed a major threat to their security and privacy.
Why the Fine is Bad for User Privacy and Security
This fine is bad for user privacy and security for several reasons. First, it suggests that the FTC is far less stringent about data protection and privacy than it once was.
Indeed, the original consent agreement between Twitter and the FTC was signed in 2012 – nearly a decade after the passage of the GDPR – and yet, Twitter failed to abide by the very principles laid out by the GDPR.
Moreover, this fine is bad for user privacy and security because it suggests that there is a lack of user-focused thinking within Twitter and its leadership.
Indeed, it is hard to fathom how a company as large as Twitter could make such egregious errors in its handling of user data and then take six years to correct them.
Additionally, it is bad for user privacy and data security because it shows that Twitter – and likely many other social media companies – do not seem to care much about protecting user data.
Indeed, this fine is the first time Twitter has been fined for a violation of the 2012 agreement.
How Cambridge Analytica Breached Twitter's Core Practices
Perhaps most concerning of all, however, is the fact that Cambridge Analytica did not breach any specific practices related to privacy and security that were outlined in the original agreement.
Instead, the company breached Twitter’s core practices, which are the company’s internal guidelines for protecting user data.
This is particularly alarming as it shows that companies can easily find ways to circumvent legal agreements.
Moreover, it suggests that some companies may not be taking their internal data protection practices seriously enough. It also suggests that the FTC should consider more stringent ways of holding companies accountable for protecting user data and privacy.
Indeed, yesterday was a dark day for user data security, not only because of the fine levied against Twitter, but also because of the news that the FTC may be closing its investigation into Facebook’s role in Cambridge Analytica’s scandal.
This investigation has been ongoing since March of this year and suggests that the FTC is far more concerned about protecting user data than it is protecting user privacy. Indeed, there are several ways in which the FTC could protect user data without violating user privacy rights.
Instead, the FTC has been focusing on the collection of user data – even though the collection of data is necessary for the functioning of many online services.
Indeed, it is possible that the FTC is not interested in actually protecting user data and privacy – but only in issuing fines to companies that violate consent agreements.
Lessons Learned from the Cambridge Analytica/Twitter Scandal
There are three main lessons to be learned from the Cambridge Analytica/Twitter scandal. First and foremost, both companies failed to take user data protection and privacy seriously enough.
Secondly, there is a lack of user-focused thinking within the leadership of both social media giants. And finally, this is a dark day for user data security.
Ultimately, this scandal is a reminder to all of us that as social media users, we need to be vigilant about the information that we share with these companies, as well as the data security practices these companies.