DPC investigating Twitter over alleged short-link data collection

Twitter logo. Image: victoreus/Shutterstock

The Office of the Data Protection Commission (ODPC) is investigating Twitter over alleged user tracking under GDPR.

Twitter is being probed by the ODPC over its refusal to provide a user with data about how he is tracked when he clicks on links in tweets. As was first reported by Fortune, Twitter’s use of its own link-shortening service, t.co is the crux of the investigation. The platform uses the service to measure how many clicks a link receives and it also helps to curb the spread of malware through bad links.

Privacy researcher wants answers

A privacy researcher at University College London, Michael Veale, believes that Twitter gets more information when people click on the t.co-shortened links and it may be using them to track users online using cookies.

Under GDPR, Veale asked Twitter to provide him with all of the personal data it had collected, but it refused to relinquish the data it recorded when Veale click on links in other people’s tweets. The company claimed this would require a disproportionate effort.

Veale then complained to the Irish Data Protection Commission, helmed by Helen Dixon. On Thursday last (11 October), the ODPC told Veale in a letter that it was commencing an investigation: “The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect.”

According to the letter, Veale’s complaint will be handled by the new European Data Protection Board as it involves “cross-border processing”.

Twitter says it was not obliged to hand over data

Twitter had said it would not hand over the data as GDPR allowed it to do so on grounds of “disproportionate effort”, but Veale said this exemption cannot be used to limit access requests from users. The company has said it is “actively engaged” with the Data Protection Commissioner.

Veale believes the company was definitely recording the times at which users clicked on the t.co short links and added that it was technically possible for the company to determine a user’s rough location. The platform’s privacy policy says advertisers might collect IP addresses when people click on their links.

Twitter logo. Image: victoreus/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *