Following Elon Musk’s chaotic takeover of Twitter, the beleaguered social media company is at a high risk of violating the consent decree it signed with the Federal Trade Commission (FTC) in 2011, which resulted from the agency’s investigation into Twitter’s privacy practices.
Consent decrees are court-ordered settlement agreements that remain supervised by the court. They are frequently used to ensure that businesses and industries comply with applicable laws and regulations. The FTC is empowered to levy substantial penalties for violating a consent decree. For example, in 2019, Facebook was fined $5 billion dollars by the FTC for violating a consent decree it had signed many years ago regarding its privacy practices and use of subscribers’ personal information,
In 2011, Twitter signed a consent decree with the Federal Trade Commission based on claims that it misrepresented to users how its privacy controls worked and what information was actually being kept private. This past May, Twitter was fined $150 million for violating the same consent decree by using, for marketing purposes, phone numbers that had been collected from users to enable two-factor authentication.
Twitter’s consent decree contains stringent requirements for launching new products and services, including implementing a “comprehensive privacy and information security program” that “examine[s] and address[es] the potential privacy and security risks of new products.” Since he took over the company, Musk has forged ahead with releasing new services, including the now-canceled $8 per month Twitter account verification feature. It has been widely reported that Musk’s new legal department has been asking the company’s engineers to “self-certify” compliance with privacy rules and FTC regulations, by which they would expose themselves, rather than the company, to liability for violating those rules.
On November 10, Twitter’s Chief Information Security Officer, Chief Privacy Officer and Chief Compliance Officer all quit, citing the company’s potential FTC violations as the reason. The FTC has signaled that it is paying close attention, issuing a statement that it is “tracking recent developments at Twitter” and that reiterating that “[n]o CEO or company is above the law, and companies must follow our consent decrees.”
Penalties for violating an FTC consent decree can be as much as $46,517 per violation. If Twitter were to launch a product to millions of users without proper compliance, causing millions of violations, the fines could be in the hundreds of millions or even billions of dollars. For a company already paying $1 billion annually in interest on bank loans taken out to finance Musk’s purchase, this could put the company in a very precarious financial position and possibly drive it into bankruptcy.