Investigation taking place under the General Data Protection Regulation (GDPR)
An earlier Verge article describes the GDPR: “The General Data Protection Regulation is a rule passed by the European Union in 2016, setting new rules for how companies manage and share personal data. In theory, the GDPR only applies to EU citizens’ data, but the global nature of the internet means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies scramble to adapt.” Complete information about the GDPR can be found here.
The investigation results from a request by Michael Veale a UK professor. The GDPR allows citizens to request any data that a specific company collects about them. When Veale made the request to Twitter concerning its link-shortening service, the company replied that the service collected no data about him. Veale was sceptical and asked the Irish Data Commissioner to investigate to see if the Twitter claim were true.
The Commissioner’s letter to Veale
The letter from the office of the Irish Data Privacy Commissioner said: “The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Data Protection] Act have been contravened by Twitter in this respect.”
Wikipedia describes link-shortening as follows:
“URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a long URL. For example, the URL “http://example.com/assets/category_B/subcategory_C/Foo/” can be shortened to “https://example.com/Foo”,… Often the redirect domain name is shorter than the original one. A friendly URL may be desired for messaging technologies that limit the number of characters in a message (for example SMS), for reducing the amount of typing required if the reader is copying a URL from a print source, for making it easier for a person to remember, or for the intention of a permalink. In November 2009, the shortened links of the URL shortening service Bitly were accessed 2.1 billion times.Other uses of URL shortening are to “beautify” a link, track clicks, or disguise the underlying address. Although disguising of the underlying address may be desired for legitimate business or personal reasons, it is open to abuse. Some URL shortening service providers have found themselves on spam blacklists, because of the use of their redirect services by sites trying to bypass those very same blacklists. Some websites prevent short, redirected URLs from being posted.”
Link-shortening has not only saved spaces within the limited space of a tweet, but it has also proved to be effective at fighting malware, and also gathering some rudimentary analytics. It is these analytics that can provide a privacy risk when used in private messages. Not only Twitter but Facebook also has faced lawsuits for collecting data on links shared in private messages even though no wrong doing was conclusively established in either case. Twitter has declined to comment on the investigation saying only that they were actively engaged with the Data Privacy Commissioner.