Privacy regulators in Ireland have started an investigation on the data Twitter collects from its URL-, or link shortening system, called t.co .
How and where did it all start?
A privacy researcher named Michael Veale – who works at University College London – asked Twitter to provide more information about the data it collects when users use its URL-shortening system. The company, however, refused to give information to the UK professor, who in turn called for quick investigative action by European privacy authorities.
The investigation request was made under the General Data Protection Regulation (GDPR), which gives EU citizens right to request any data collected on them from any company. GDPR is a comprehensive European privacy law that protects the privacy of European users and aims to give the individuals control over their data.
Under the law, business processes that manage personal data must be built and designed in such a way that they follow the principles and use the best-possible privacy settings by default, as well as provide safeguards to protect data. Additionally, data should not be available publicly without informed, explicit consent and no personal information should be processed unless it is done with a lawful basis.
Privacy researcher Veale suspected that the company gets more than the requisite information when users click on t.co links. According to Twitter, it applies its own link-shortening service (t.co) to links when users put them into tweets. This allows the company to measure the number of times a link has been clicked and helps the platform fight the spread of harmful viruses through unreliable links.
The Irish Data Protection Commission initiates a formal statutory inquiry into the link shortening
When the researcher received a negative response, he complained to the Irish DPC (Data Protection Commission), which promptly started an investigation. Veale complained in Ireland because the European operations of the company are headquartered in Dublin.
The Commission said in a letter to Veale, “The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect.”
The letter further said that the new European Data Protection Board will handle the complaint as the complaint involves cross-border processing. This is the first GDPR investigation opened against Twitter. Veale, who has made a similar request for investigation against Facebook, said Twitter was recording the times the users clicked on links and the kind of devices users were using.
- Twitter Removes Locked Accounts, Some Users Lose Millions of Followers - January 7, 2019
- Canada and UK MPs Join Forces to Summon Mark Zuckerberg - December 26, 2018
- Are Facebook’s Hate Speech Rules Better than Twitter’s? - December 19, 2018
- Facebook Partnerships with Fact Checkers to Curb Fake News in Africa - December 10, 2018
- Facebook Partnerships with Fact Checkers to Curb the Spread of Fake News in Africa - November 27, 2018
- Twitter Investigated for Link Shortening - November 19, 2018
- Hackers Stole Around $60 Million in Cryptocurrency Exchange Hack - November 14, 2018
- Possible Success of Facebook’s Efforts to Limit Fake News - November 6, 2018
- Facebook’s AI Rosetta Scans Memes for Hate Speech - October 30, 2018
- France Announces Legal Framework for ICOs - October 23, 2018