MICROBLOGGING WEBSITE Twitter is being probed by the Irish Data Privacy Commissioner (IDPC) over its refusal to disclose information it collects from its URL-shortening system.
When users share links on Twitter, the service applies its own t.co link-shorting service, which the company claims allows it to measure how many times a link has been clicked and helps it to fight the spread of malware on the platform.
Privacy researcher Michael Veale suspects that Twitter gets more information when people click on t.co links, including IP addresses and devices used, and claims it might use them to track those people as they browse the web.
Under the EU's newly-enforced General Data Protection Regulation (GDPR), he asked Twitter to hand over all the personal data it holds on him. However, the company refused to hand over the data it recorded when Veale clicked on t.co links, claiming GDPR allowed it to do so on "disproportionate effort", according to a report by Fortune.
"Data which looks a bit creepy, generally data which looks like web-browsing history, [is something] companies are very keen to keep out of data access requests," said Veale. "The user has a right to understand."
Veale, which claims Twitter was misinterpreting the text of the law, subsequently raised his concerns with the IDPC, which confirmed in a letter that it was opening an investigation into Twitter and its URL-shortening service.
"The DPC has initiated a formal statutory inquiry in respect of your complaint," the watchdog said.
"The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect."
The IDPC noted that, as Veale's complaint involved "cross-border processing", the complained would likely be handed to the new European Data Protection Board.
Twitter declined to comment, saying only that it was "actively engaged" with the IDPC. If found to be in breach of GDPR, the company could face a fine of up to €20m or up to 4 per cent of its global annual revenue. µ
Unless you have an Apple Card, presumably
We tested both next-gen networks at six locations across central London
Firm follows Apple with opt-in policy
Unlike and unsubscribe