Twitter will cough up $150M in fines for deceptive disclosures relating to how it used personal information. The platform asked users for certain identifying information, such as phone numbers, as a security measure; but it then used that information to target ads to those users. The federal agencies that are settling the issue with Twitter are using fair trade / deceptive trade / consumer protection laws to enforce the charges, because there is no applicable federal privacy law.
Why It Matters
First: if your privacy policy says you do, or don't do, something with personal information: adhere to that. Violating your own promises to users can get you into hot water. If you collect information for a particular purpose, do not re-purpose it.
Second: the feds have used consumer protection laws for many years as a proxy for privacy violations. Many states that have not yet passed privacy laws are starting to follow this lead. That means not adhering to the commitments in your privacy policy can be a basis for action, even when there is no applicable privacy law.