Facebook isn’t the only social network to have blundered with users’ privacy. 

Twitter is the latest member of the club, acknowledging a pair of gaffs this week, a few months after Facebook’s $5 billion FTC fine for failing to protect users’ personal data.

Twitter said that for more than a year it may have shared data, when it wasn’t given permission to do so, from users that clicked or viewed an ad for a mobile application. It also said that since September it might have served advertisements to users based on inferences about a user’s devices. Again, this was done without users’ authorization. 

San Francisco-based Twitter said that it solved the problems and apologized.

“You trust us to follow your choices, and we failed here,” the company said. “We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again.” 

It wasn’t Twitter’s first “I’m sorry.” In May it hung its head after saying it might have accidentally shared location data from some iPhone users. The company’s plan to remove location data from the information sent to a “trusted partner” whom it didn’t name “did not happen as planned,” according to Twitter.

Like Facebook, Twitter has had a run-in with the Federal Trade Commission. The company settled charges in 2010 that it failed to safeguard users’ personal information. Security lapses had allowed hackers to obtain unauthorized control of Twitter and send out phony Tweets from accounts belonging to the then-President-elect Barack Obama and Fox News, among others. 

Facebook also is no stranger to apologies. Chief Executive Officer Mark Zuckerberg has been promising to do better ever since he helped found the largest social network in his Harvard dorm room in 2004. Even so, people are still willing to share their data with the company. 

“Most people who post on Twitter aren’t posting intimate details of their lives,” Michael Pachter, an analyst with Wedbush Securities told Karma. “Facebook is different because there is an expectation of privacy. On Twitter, there is no expectation of privacy whatsoever. You put stuff out there and expect that anybody could read it.”

Still, Twitter’s apologies have cost it little besides a bit of hard-to-quantify bad publicity and a few FTC demands. It appears to have not been hit with any privacy- or disclosure-related fines. On the other hand, Facebook, the biggest social network, may not have seen the end of its troubles: a U.S. Supreme Court ruling yesterday may expose it to billions more in penalties, Reuters reported.

Like Facebook, Twitter needs to comply with the European Union’s strict new privacy law called the General Data Protection Regulation. California’s sweeping digital protections will take effect in 2020 and may encourage to follow suit.

GDPR requires the same level of protection for individual IP addresses as they do for Social Security numbers, names, and addresses. It also gives people the right to have specific personal data to be erased. Violators can face fines of $22 million, or 4% of global revenues, depending on whichever is greater.

Under California law, consumers will have the right to tell companies to delete their information and forbid them from selling or sharing their data. Other states are expected to follow the state’s lead.