Twitter under investigation over user tracking

Science

14 Oct 2018

Twitter faces privacy watchdog investigation after denying user data request

Ireland's Data Protection Commission (DPC) is investigating Twitter over the data it collects using its link shortening service, t.co.

The move from the privacy watchdog came after a user claimed that the company denied handing over his data, violating his right to request data under the GDPR - EU's comprehensive new privacy law.

Here's more on it.

Issue

Questions raised over link tracking data

Questions raised over link tracking data

Twitter uses its link shortening system as a tool to prevent malicious links from spreading as well as to determine the number of clicks on a link.

However, UK-based privacy researcher Michael Veale suspected these short links might be tracking browser cookies and recording device information and timestamps, making it feasible for Twitter to track their location while surfing.

Data request

So, he requested data collected by Twitter

Veale exercised his 'Right To Understand' under GDPR and asked Twitter to provide all the data it had collected on him via t.co.

Under GDPR, every EU citizen has a right to request data collected on them by any company. But, Twitter denied that request, citing an exception to GDPR for demand involving a disproportionate effort.

This prompted Veale to file a complaint.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

Here's what DPC told Veale post launching an investigation

"The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect," DPC reportedly told Veale.

Twitter's first probe

Notably, this is GDPR's first probe against Twitter

Notably, this is GDPR's first probe against Twitter

This is the first case of GDPR-related investigation against Twitter. The company has not issued a statement on the matter, but Veale says it is misinterpreting the law's text to restrict his right to access.

If it is revealed the service is collecting location information and other critical data via short links in violation of GDPR, it could face fines up to $96 million.

Share this timeline

Facebook

Social Media

Twitter

Data Protection Commission

DPC

EU

GDPR

Ireland

Irish Data Protection

Michael Veale

Right To Understand

Share this timeline

Ask NewsBytes
User Image

Next Timeline