At issue is whether Twitter is violating the consent decree it had entered into with the Federal Trade Commission (FTC) in 2011 after it was hacked.
Listen To This Story
|
On their first day of work, some people are greeted with gift baskets and the like. A different kind of “present” awaited Linda Yaccarino, who took over as CEO of Twitter on Monday: a letter from four Democratic senators reminding her that neither the company she now runs nor her employer, Twitter owner Elon Musk, are above the law when it comes to protecting the privacy of the social media site’s users.
At issue is whether Twitter is violating the consent decree it had entered into with the Federal Trade Commission (FTC) in 2011 after it was hacked.
Pursuant to that agreement, Twitter was barred from “misrepresent[ing] in any manner, expressly or by implication, the extent to which respondent maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information.”
Following additional security lapses, Twitter was fined $150 million last May and entered into a separate consent decree that subjected the company to additional obligations.
In their letter to Yaccarino and Musk, the four senators express doubt that Twitter is meeting them. They note that, since purchasing the company, Musk has drastically reduced its workforce, introduced new products, and made many other, apparently rash, decisions.
“These personnel changes, firsthand accounts from employees, and hasty launch of new products raise questions about whether Twitter is able to comply with its obligations under the FTC consent decree,” wrote Democratic Sens. Elizabeth Warren (MA), Ron Wyden (OR), Ed Markey (D-MA), and Mazie Hirono (D-HI), adding, “Mr. Musk’s behavior reveals an apparent indifference towards Twitter’s longstanding legal obligations, which did not disappear when Mr. Musk took over the company.”
The obligations that the lawmakers are referring to include the requirement to file a sworn compliance notice in case the company structure changes, e.g., following the sale of the company to Musk last year. In addition, Twitter has to establish and maintain a security program; conduct an assessment of potential privacy, security, confidentiality, and integrity risks prior to launching new products (such as “Twitter Blue,” the company’s new subscription model); and report any security breaches involving more than 250 users.
“Regardless of his personal wealth, Mr. Musk is not exempt from the law, and neither is the company he purchased,” the senators write. “Twitter must meet the requirements it agreed to under the 2011 and 2022 FTC agreements.”
To determine whether that is the case, the lawmakers present a series of questions and put Yaccarino and Musk on notice that they expect the answers by June 18.
Specifically, the senators demand whether Twitter has filed a sworn compliance notice regarding changes in its structure since the last consent agreement was reached. In addition, they request information on the “comprehensive privacy and information security program” that the company agreed to maintain.
In each case, the lawmakers want to know whether the reduction in Twitter’s workforce compromised the company’s ability to comply with its obligations under the consent decrees.
Furthermore, the senators ask whether Twitter has conducted the required security assessment prior to the launch of Twitter Blue or any other new or modified products since Musk purchased the company last October.
The Senate Democrats are not the only ones who vowed to keep an eye on Twitter.
As WhoWhatWhy reported last week, a high-ranking European Union (EU) official put the company on notice that, even though it withdrew from a voluntary agreement to fight disinformation, it has to comply with the EU’s new Digital Services Effect when it goes into effect in August.
“You can run but you can’t hide,” European Commissioner Thierry Breton wrote on the social media platform itself in announcing that Twitter had withdrawn from the agreement. “Obligations remain.”