What are the dire straits a company has to face, due to non-compliance with GDPR? The wrath of Irish authorities! That’s what Twitter.Inc (NYSE: TWTR) has gotten itself in.
According to recent reports by Fortune, Irish authorities have pulled Twitter to a task, for not responding to a user request, which calls for non-compliance of the General Data Protection Regulation (GDPR).
Apparently, Twitter was requested for more detailed information of what data it collects when users click an auto-shortened link in a tweet, by a researcher.
Initially, the sole purpose of link shortening tool was to save characters in a limited space provided for a tweet and was believed, to fight malware and spams as such. However, these services also posed significant risks when used in private messages.
On a quite blunt note, the social media company refused to comply with such request, leading to the intervention of European Privacy authorities. A prompt investigation is arrayed along, and is surely no good news for Twitter!
A Comprehensive European Law Bares its Teeth!
Under the European Union’s General Data Protection Regulation (GDPR), European citizens have the right to ask data companies of how much data they collect and what is done with the same.
However, Twitter refused to comply. The matter went on with Veale alleging that Twitter sought to escape on grounds of the “disproportionate effort” it would take to gather that much data.
Although GDPR allows the same, Veale argues that this provision acts like one safe cover for not being transparent enough! This, to quote Veale, is considered to be “misinterpreting the text of the law.”
Veale drafted a complaint to the Irish Data Protection Commission (DPC), which finally, agreed on taking the investigation of Twitter further, where the European Data Protection Board will handle it. In response, DPC drafted a reply:
“The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Data Protection] Act have been contravened by Twitter in this respect.” – Irish Data Protection Commission (DPC)
Data Transparency and all the Big Talks!
“Data which looks a bit creepy, generally data which looks like web-browsing history, [is something] companies are very keen to keep out of data access requests,” – Veale.
Tech companies don’t flinch away from elucidating fancy talks when it comes to “transparency”. However, looks like apart from self-aggrandizing, the far-reached mechanism needs more to stand intact! If that wouldn’t have been the case, surely, Twitter could have easily bared up the data that was sought earnestly.
Again, one should never forget that both Facebook and Twitter have already faced lawsuits for collecting data on links shared in private messages. True, no obscure activities could be established, but that still doesn’t brighten up the casting shadow!
To cast light upon Facebook’s grim history of privately shared links, A security researcher, Inti De Ceukelaire was able to track links shared by specific users in private chats. Facebook crawler which sorted and collected those links were found to be open and could be easily accessible by anyone who has a Facebook app. One can access links starting from popular news shorts to someone’s account details. Scary, isn’t it?
Twitter in a Soup, With Much to Lose!
As per the holy book of GDPR, maximum fines per violation accounts to 4 per cent of the company’s turnover or $20 million, whichever accounts to be more. This kind of amounts is much more than what Data Protection Directive enforces and somehow, refers to the seriousness of EU when it comes to data privacy.
With Twitter’s 2017 revenues subsuming up to $2.4 billion, a GDPR fine, if imposed now, can hit the company at $96 million. This is a mad scramble here!
Such amount is enough to submerge average firms and although not that catastrophic for social-media giants like Facebook and Twitter, can still affect a lot.
On a souped-up note, although GDPR had quite a messy debut, the recent investigation drives in the fact how this regulation can change the way data is being handled globally!