Silkie Carlo, of privacy campaign group Big Brother Watch, said the debacle is a “profoundly disappointing reflection” of social media companies’ attitudes towards users’ privacy, security and data rights.
Twitter under fire for profiting from millions of UK users data which it illegally sold to advertisers
The crooks that run the global social media corps are at it again. Of course, they take Facebook’s lead where last July Facebook’s stock price actually went up after news of a record-breaking $5 billion FTC fine for various privacy violations. Just to repeat that – the fine was five thousand million dollars – and the stock price went up!
That, as The New York Times’ Mike Isaac points out, is the real story here: the United States government spent months coming up with a punishment for Facebook’s long list of privacy-related law-breaking, and the best it could do was so weak that Facebook’s stock price went up. Zuch was laughing all the way to the bank. In the meantime, misinformation, disinformation, fake news and illegal political campaign targeting in Britain continues – all with the blessing of the National Crime Agency, who recently decided that it all too difficult for them – so they gave up.
Now Twitter is in the firing line – again. It has been accused of ‘unfairly’ profiteering from the personal data of up to 14.1 million people in the UK after it used their email addresses and telephone numbers to sell targeted advertising without their knowledge. Twitter stole these details as they had no legal right to sell them.
The San Francisco-based social media giant admitted that it allowed advertisers to benefit from email addresses and phone numbers which it was given by users for security reasons.
The revelations triggered what some say was a furious backlash in London.
Tory MP Damian Collins, chairman of the Commons’ digital committee, accused Twitter of trampling over users’ rights to squeeze out profits by aggressively targeting them with personalised adverts.
SafeSubcribe/Instant Unsubscribe - One Email, Every Sunday Morning - So You Miss Nothing - That's It
He said: “This is a significant breach and a ‘hands up apology’ is not enough for Twitter to escape a thorough investigation into how individuals’ data could have been misused. Unintentional use is no defence. People trust that their personal data – email addresses and phone numbers – are safe in the hands of tech companies, who have a legal duty to keep it safe.”
It is understood that all of Twitter’s 140 million global users could have been affected, although the company has not confirmed any figures. The firm generated $727m in advertising revenue in the second quarter of this year.
Twitter had users’ emails and phone numbers because it uses a security process called two-factor authentication, where they have to log in using a code which has been text to their mobile. They did not know this data would be used for advertising purposes.
Fellow campaign group Privacy International said the breach, which could have impacted anyone using two-factor authentication on the site until last month, is hugely concerning in light of European data protection laws.
Twitter, which has its European headquarters in Dublin, has notified the Irish Data Protection Commissioner of what happened and apologised.
The watchdog, which has the power to fine firms up to 4pc of their worldwide revenue if they break the law, confirmed it is engaging with the company to establish further details. Not that it will of course, because generally speaking, they don’t which is why social media companies such as Facebook, Twitter and their associated organisations are constantly in the press for privacy violations.
If the main Boards of these companies were held personally accountable, perhaps they might think twice about constantly breaking laws. But they don’t and the evidence is piling up that data breaches need to be dealt with with considerably greater force than they are.
Uber got fined for a security incident affecting the personal data of 2.7 million users and 82,000 drivers, but what is a £385,000 fine worth to them – peanuts.
It also slapped Yahoo! UK Services Ltd was slapped with a measly £250,000 penalty relating to a breach affecting the data of approximately 500 million users worldwide. Equifax was fined £500,000 for its security debacle affecting the personal data of up to 15 million UK residents. The list goes on. The trouble with social media companies is that they deliberately steal the data and sell it on whereas other companies simply can’t be bothered to pay for the right security systems over their networks.
As for Twitter – this is the latest in a series of breaches for the company, which last year admitted it stored users’ passwords in plain text and confirmed a location data leak.
Respected ad-tech and cybersecurity expert Dr Augustine Fou, who was previously chief digital officer at media agency Omnicom’s healthcare division, also branded Twitter’s announcement as “total chickenshit“.