The FTC’s treatment of Facebook illustrates the danger to Musk and Twitter. In 2019, following a complaint alleging violation of a 2012 warrant, the agency hit the company with a record $5 billion fine and named CEO Mark Zuckerberg personally responsible for document compliance and certification under penalty of perjury. Heavy fines could be a big problem for Twitter, which was left burdened with debt as part of the Elon Musk takeover.
The chaotic first weeks of Musk’s ownership of Twitter have already suggested the company is in danger of missing some of its FTC requirements. The Verge reported that the recent relaunch of Twitter’s subscription service has skipped traditional privacy and security reviews and that corporate lawyers have asked employees to self-certify their compliance with FTC orders. The Company is required to designate no more than five people to make decisions about how personal information such as email addresses and phone numbers is collected and used, and to maintain comprehensive privacy and information security programs.
According to an email from The Verge, Musk assured Twitter employees that the company will do everything possible to comply with the FTC order. But a corporate lawyer posted a note internally warning that Twitter’s current head of legal affairs, Alex Spiro, said the platform’s new owner intends to take big risks because “Elon is sending rockets into space. He’s not afraid for the FTC.”
Following questions from Twitter employees who were concerned that they could be held personally liable for consent warrant violations and face jail time, Spiro told employees that compliance is critical for the company, according to an email seen by TechCrunch. , not for individual employees, and shared plans to comply with decree mandates.
Of course, internal reviews and external audits, like the kind the FTC requires of Twitter, don’t always reveal problems. A similar FTC order for Facebook failed to prevent the Cambridge Analytica scandal, in which the company, on behalf of Trump’s 2016 presidential campaign, used a third-party app to collect the data of more than 50 million people without consent. And documents obtained by Bloomberg Law found that Twitter’s compliance with the 2011 FTC order did not present shortcomings later highlighted by security expert-turned-whistleblower Peiter “Mudge” Zatko in recent congressional testimony, who said the company lacked basic security measures. such as systems to prevent employees from reviewing user data.
Musk’s tenure at Twitter is also under scrutiny from regulators in Ireland and the European Union, who have indicated they keep an eye on the company, and in particular its compliance with EU data protection law. Last week, the EU Digital Services Act also entered into force. That means major platforms must conduct risk assessments by February 2024, report on the use of automation in services such as content moderation, and review details about their algorithms, such as their error rates. Failure to comply can lead to fines of up to 6 percent of global turnover.
Musk may have shown Twitter users and contributors — and the rest of the watching world — in recent weeks that he’s willing to flout the rules at times and make sweeping changes in his new company. But he can’t change Twitter’s history of poor security, or the fact that it will need close scrutiny by the FTC for the next 20 years.
