Twitter Adtech leaks

Many companies are facing data scandals these days. Even Twitter admits now that it shared the user’s personal data for making ads. There are also reports that a user told them not to share his data. This is shocking news because Twitter always protects its users. For example, it deleted the user accounts involved in harassment, a while ago.

Last May, Twitter disclosed a bug, which tells about the user’s whereabouts, pinpointing to the exact location. The social network also wrote a blog post in which it mentioned that it knew about the problems with the ads. However, things didn’t go according to the company’s desires. Twitter also mentions that it fixed the data problems by the end of 5th August. However, it doesn’t mention the time it realized that they were sharing user’s data without their consent.

The first bug was related to tracking ad conversations. This means that if a Twitter user clicked on a mobile ad and interacted with the mobile app, Twitter says that it may have given some user’s data to the advertising partners and agencies. Twitter admits that they didn’t ask for any user’s consent in this case.

Twitter mentions that this data leak has been happening since May 2018. It is the same day when Europe’s privacy framework called GDPR had legal effect. The regulation mentions these data leaks, and how Twitter just found about it recently. Twitter informs that they found the data breaches recently because GDPR also has a regime of violations for companies who don’t protect user’s data. However, it isn’t clear whether there will be regulatory actions against Twitter’s data leaks.

Twitter also mentions that it never shares Twitter handles, emails, user’s names and their phone numbers with anyone. However, it shares the user’s mobile data identifier. GDPR treats this information as personal data. Using this identifier, Twitter and Twitter partners look into the specific user’s online activities and their internet searches. Therefore, this puts them in a good position to target ads towards individual users.

Regarding the second issue, Twitter admits to sharing users’ browsing history, which helps the ad partners to make targeted ads. Here the company mentions that it has been actively sharing user’s browsing history, since September 2018. Although the company doesn’t ask the consent of users, it still shares their precious data.

This seems like a breach of GDPR because the users don’t give any consent to sharing their data. This is really a creepy style of ad targeting. Twitter does this by associating your devices when you have logged into your Twitter account. Then, it receives information, linked to the device identifiers, from its ad partners. However, the company gathers data through cookies, which are present online to track your online activity.

Twitter states, “We always try to use relevant advertising services for the users. Therefore, since September 2018, we have shown you ads based on your browsing history. However, it is clear that we didn’t ask for your permission. Still, we assure you that the data shared didn’t include any email accounts, passwords, phone numbers, etc.” Thus, the key point here is not asking any consent for taking user’s data.

Another problem, in this case, is that the choices of the users were overridden. However, Twitter clarifies that it didn’t do it intentionally. Still, it isn’t consent; it is a breach of privacy.

“We know that you want to know whether you were affected and how many people were involved. However, we can’t tell you much at this point as we are still investigating. We are trying to determine how far it has affected the users.”

Twitter knows that it messed up big time. Therefore, it apologizes for this data breach. It mentions, “We are really sorry that this happened. We will also make sure that these mistakes don’t happen ever again. If you have any questions regarding the issue, you should fill this form to contact Twitter’s Office of Data Protection.”

It is a good thing that Twitter admits to these data leaks and apologizes. Although this apology is a good act, this data leak has put a big question mark over the targeted ads online.