Twitter faces privacy watchdog investigation after denying user data request
Ireland's Data Protection Commission (DPC) is investigating Twitter over the data it collects using its link shortening service, t.co.
The move from the privacy watchdog came after a user claimed that the company denied handing over his data, violating his right to request data under the GDPR - EU's comprehensive new privacy law.
Here's more on it.
Questions raised over link tracking data
Twitter uses its link shortening system as a tool to prevent malicious links from spreading as well as to determine the number of clicks on a link.
However, UK-based privacy researcher Michael Veale suspected these short links might be tracking browser cookies and recording device information and timestamps, making it feasible for Twitter to track their location while surfing.
So, he requested data collected by Twitter
Veale exercised his 'Right To Understand' under GDPR and asked Twitter to provide all the data it had collected on him via t.co.
Under GDPR, every EU citizen has a right to request data collected on them by any company. But, Twitter denied that request, citing an exception to GDPR for demand involving a disproportionate effort.
This prompted Veale to file a complaint.
Love Tech news?
Stay updated with the latest happenings.
Yes, notify Me
Here's what DPC told Veale post launching an investigation
"The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect," DPC reportedly told Veale.
Notably, this is GDPR's first probe against Twitter
This is the first case of GDPR-related investigation against Twitter. The company has not issued a statement on the matter, but Veale says it is misinterpreting the law's text to restrict his right to access.
If it is revealed the service is collecting location information and other critical data via short links in violation of GDPR, it could face fines up to $96 million.
Data Protection Commission
Irish Data Protection
Right To Understand