Over the past year, a trend has emerged of increased government inquiries into the inner operations of social networks and other premier tech firms. The trend continued again on Thursday as data privacy regulators in Ireland are now opening up an investigation into Twitter’s data collection practices. Specifically, the regulators are looking into how much data Twitter receives from its URL-shortening system, t.co.
The Ireland Data Protection Commission is investigating the social network since they refused to provide their t.co web link tracking data to UK professor, Michael Veale. Their refusal to comply with the request is potentially a violation of the EU’s allowance for requests under GDPR. The privacy expert said that Twitter refused to cite an exception to GDPR for requests that required ‘disproportionate effort’.
By contrast, Veale believed that twitter was distorting the law in order to limit the information they handed over to the authorities. A new GDPR regulation, which was first enforced in May, requires that tech companies aim towards a more transparent relationship with user data and provide their customers with data privacy rights.
He also suspected that Twitter was recording private device information and timestamps every time people clicked on the shortened clink, and claimed that it was technically within the company’s aim to determine someone’s approximate location. Veale claimed that the investigation was a matter of exercising our “right to understand” how Twitter is using our personal information.
He then wrote to the relevant privacy regulator to see if Twitter was holding up some data. He complained to the Irish DPC rather than the British equivalent since Twitter’s European headquarters are in Dublin.
Now, it appears as though the investigation is in motion. First reported by Fortune, the official inquiry is in a letter sent to Veale from the office of the Irish Data Privacy Commissioner.
The letter reads:
“The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the Data Protection Act have been contravened by Twitter in this respect.”
Designed primarily as a way to save characters in the limited space offered in a tweet, link-shortening has also proven itself to be a useful tool at combatting malware and collecting fundamental analytics. These analytics service can pose a massive privacy risk when they are used in private messages.
Both Facebook and Twitter have faced legal repercussions for collecting data from links shared in private messages, albeit it was never conclusively determined whether wrong-doing had occurred in either case.
The situation could become dire if the DPC and the EU’s Data Protection Board were to find that Twitter had violated the regulations of the GDPR. It’s unlikely that Twitter would face any harsh charges for their actions, as it would be difficult to determine the severity of this violation. However, it could force Twitter to adhere to requests such as these in the future.