Tech Law

Twitter Sets Up Privacy Center but Moves to Skirt GDPR

Twitter on Monday announced its formation of a new Privacy Center to give users more clarity on what it does to protect the information people share.

The center will host everything relevant to Twitter’s privacy and data protection work, including initiatives, announcements, new privacy products and communication about security incidents, Twitter Data Protection Officer Damien Kieran and Product Lead Kayvon Beykpour said in an online post.

Twitter also announced the relocation of accounts of users outside the United States and European Union from its Twitter International base in Dublin to San Francisco, where they won’t be covered by the General Protection Data Regulation, the EU’s tough new data privacy law.

Twitter highlighted its work to protect the privacy and data of users in three areas: eradicating technical debt by replacing legacy systems with newer ones; building privacy into new products; and keeping the company accountable to the people who trust it with their data.

“We believe companies should be accountable to the people that trust them with their personal information, and responsible not only to protect that information but to explain how they do it,” Kiernan and Beykpour wrote.

Part PR, Part Necessity

Twitter is one of several Silicon Valley companies that believe they need to do a better job explaining their privacy policies, noted Matthew Feeny, director of the Project on Emerging Technologies at the Cato Institute, a public policy think tank in Washington, D.C.

“They’re doing it partly as a PR move, but there’s also this California consumer privacy legislation kicking in next year that requires companies like Twitter to provide consumers with more information, so the Privacy Center could be viewed as part of that effort,” he told TechNewsWorld.

With the Privacy Center, Twitter can create a universal repository of privacy, data and regulatory information to meet the requirements not only of laws like the GDPR and California Consumer Privacy Act, but also any rules and laws that take effect in the future.

“Every piece of global legislation includes a requirement to communicate in clear ‘non-legalese’ in order to share opt-in or opt-out requirements and openly answer questions that consumers may have, be they communicated directly to Twitter or in response to media headlines and controversy,” said Liz Miller, principal analyst at Constellation Research, a technology research and advisory firm in Cupertino, California.

Consumer Benefits

Consumers will benefit from the Privacy Center, she said.

“Consumers should have a destination to demystify rumor and have access to facts about what Twitter will, will not, can or cannot do,” Miller told TechNewsWorld.

The center also will be a place where consumers can ask questions.

“The hope here is that Twitter will not just answer questions around consumer protection and information sharing,” Miller said, “but also deliver unbiased facts and market details to help consumers differentiate fact from fiction.”

While consumers can benefit from a central repository of information, they’re probably not as concerned about privacy on Twitter as they may be about other social media, noted the Cato Institute’s Feeny.

“When it comes to the sheer amount of data collected, I don’t think Twitter holds a candle to Facebook,” he said.

“Twitter is trying to present itself as a privacy-friendly company,” Feeny continued, “but if you polled people around the world about what company they’re most concerned about when it comes to privacy, Twitter wouldn’t be at the top of the list.”

Skirting GDPR

Twitter has characterized the move of users registered in Dublin to San Francisco as a means to test settings and controls on them without running the risk of violating the GDPR, according to a Reuters report.

The idea is to learn from those experiments and then roll out experiences based on the results to Twitter’s global user base, the company told Reuters.

Not everyone sees the move in a benign light.

“Twitter is trying to evade privacy obligations under the GDPR,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a civil liberties advocacy group in Washington, D.C.

That “is striking,” he told TechNewsWorld, “because other U.S. tech firms, including Apple, Google, Facebook and Microsoft, said they would comply with the GDPR.”

The move likely will trigger increased scrutiny by regulators, Constellation’s Miller noted.

“Nothing says, ‘Hey, watch everything I do,’ like saying you are going to flout regulations or that you have found a workaround,” she said.

“Why dedicate yourself to transparency in a centralized privacy center if you are going to reclassify users to ensure they are only protected by narrow privacy laws?” Miller asked.

‘Terrible Stewards’

Since the election of Donald Trump, there’s been a trend among big tech companies to appear to be proactive when it comes to privacy protection in order to stave off serious regulation, Feeny explained.

“No company should wait until regulations dictate the trust dynamic between brand and customer,” Miller said. “If they do, they will be behind from the moment the ink is signed on the law.”

There is good reason for regulatory heat to descend on Silicon Valley, maintained Fatemeh Khatibloo, principal analyst at Forrester Research, a market research company headquartered in Cambridge, Massachusetts.

“To put it bluntly, these companies are proving to be terrible stewards of the power they wield,” she told TechNewsWorld.

“Whether it’s failing to keep users’ data secure or putting profits ahead of protecting democracy, they simply aren’t ethical actors,” Khatibloo continued. “Regulators are finally acknowledging that self-regulation isn’t working, and realize that they must step in to protect consumers.”

Meanwhile, privacy has been transformed from something in the realm of IT departments and operational checklists to a brand issue, Miller noted.

“Privacy it is a promise that a brand is making with each individual customer,” she said. “That also sets up the expectation that if the brand breaks that trust — or through their own actions or inaction put the customer at risk — that customer can and will walk, with their loyalty, wallets and public sentiment in tow, likely never to return again.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reportersince 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, theBoston Phoenix, Megapixel.Net and GovernmentSecurity News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Tech Law

E-Commerce Times Channels