After Google just got saved from GDPR’s huge fine last month, Twitter is next on the EU’s GDPR investigation checklist. This appears to be the first GDPR investigation to be opened against Twitter. Last week, the data privacy regulators in Ireland opened up an investigation against Twitter’s data collection practices. This is to analyze the amount of data Twitter receives from its URL-shortening system, t.co.
Twitter says the URL shortening allows the platform to measure the number of clicks per link, and helps it to fight the spread of malware through suspicious links.
Why did Irish data regulators choose to investigate Twitter?
This news was first reported by Fortune stating, “Michael Veale, who works at University College London, suspects that Twitter gets more information when people click on t.co links, and that it might use them to track those people as they surf the web, by leaving cookies in their browsers.”
Veale asked Twitter to provide him with all the personal data it holds on him. To which, Twitter refused claiming that providing this information would take a disproportionate effort. Following this, Veale filed a complaint to the Irish Data Protection Commission (DPC), and the authorities opened an investigation last week.
In a letter to Veale, the Irish Data Privacy Commissioner wrote, “The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect.”
The Irish authorities said that Veale’s complaint will be handled by the new European Data Protection Board as Veale’s complaint involves cross-border processing. The EU Data protection body helps national data protection authorities coordinate their GDPR enforcement efforts.
Veale also prompted a similar investigation probe into Facebook, which also refused to hand over data held on users’ web-browsing activities. However, Fortune says, “ Facebook was already the subject of multiple GDPR investigations.”
Veale says, “Data which looks a bit creepy, generally data which looks like web-browsing history, [is something] companies are very keen to keep out of data access requests. The user has a right to understand.”
Twitter, however, refused to comment, saying only that it was ‘actively engaged’ with the DPC. If Twitter is found to be in GDPR’s breach list, it could face a fine of up to €20m or up to 4 percent of its global annual revenue.
To know more about this news in detail, head over to Fortune’s full coverage.
Read Next
How Twitter is defending against the Silhouette attack that discovers user identity
GDPR is good for everyone: businesses, developers, customers
