The Federal Trade Commission fined Twitter $150 million for privacy violations earlier this year in connection with its finding that Twitter "inadvertently" allowed marketers to target advertisements using user contact information. The information at issue was collected for account security/authentication purposes, and the FTC says that using it for a different use was a violation of Twitter's privacy policy.
Now, a class plaintiff has filed suit on the basis of these same facts, arguing that she is entitled to recover damages for Twitter's use of her contact information for advertising rather than just security purposes. In an interesting twist, Twitter has said in its defense that it never said it wouldn't use the security information for advertising purposes.
Why It Matters
Although not many companies present as valuable a target as Twitter, it is worth remembering that an adverse finding in the regulatory area can lead to litigation in a civil suit for privacy matters.
Further, the bottom line for any company is this: what you say in your privacy policy matters. It is difficult to rely on silence as a defense. If you tell a user that you are collecting specific data for a specific purpose, you do not necessarily have the right to use that information for a different purpose. This is becoming more and more true as privacy rights laws take hold across the country.