Twitter has just published a new privacy policy that comes into force from August 19. Users don’t have an opt-out option – once the policy is in force, they have to adhere to the stated Terms of Service (ToS) to continue using Twitter. The social media platform cannot offer this privacy policy for the EU or the US, because the EU’s General Data Protection Regulation (GDPR) offers users much more control of their personal data.
Apart from refurbishing the Tweetdeck platform with new look and features, Twitter has introduced a new subscription service, Twitter Blue, which is currently in beta in Australia and Canada; this may soon be rolled out in other regions. All this is happening even as it is locked in a battle with the Indian government over the new Intermediary Rules.
What’s new about Twitter’s privacy policy?
Twitter is trying to generate new revenue. The new policy clarifies what sort of data and metadata it will collect and maybe share with partners and third parties, as well as use internally. This pertains to the basic Twitter free service, which anybody can use, as well as Twitter Spaces (also free) and the new paid Twitter Blue.
What data will Twitter use or share?
Twitter already collects, or will collect, personal data like the device you’re using, your IP address, location if you share that, etc. The lists you create, people you follow and who follow you, and Tweets you like or retweet are also public and available to anyone (unless you’ve protected your account).
Twitter will continue to analyse “Tweets, content you’ve read, Liked, or Retweeted, and other information to determine what topics you’re interested in, your age, the languages you speak, and other signals, to show you more relevant content,” it states.
Users already share their email address; many share their phone number, and Twitter may access their address book for contacts, and whatever else is in their public profile. Twitter will scan Direct Messages (DM) in order to block spam, it claims. This means machine analysis of DM content for keywords, etc. That could have implications in terms of the ads it shows.
Twitter Blue is currently available only in Canada and Australia. This is its first-ever premium subscription, with a monthly fee for access to exclusive features and premium customer support. The new ToS will cover privacy there as well.
What can users keep private?
Users can, to some extent, limit the data collected and how Twitter uses it. Users will retain control of things like account security, marketing preferences, the list of apps that can access the Twitter account, and address book contacts uploaded to Twitter.
What sort of data is collected from Spaces?
Twitter can analyse data from Spaces for audio transcriptions, and review this for potential violations of ToS, as well to improve features and functions. All Spaces are public, so your presence in a Space, and anything you broadcast when you use Spaces is also public.
What happens with payments?
If you make a payment or send money using Twitter features or services, including via an intermediary, Twitter says, “We may receive information about your transaction, such as when it was made, or when a subscription is set to expire or auto-renew.”
What data may be shared with partners and affiliates?
Twitter’s ad partners and affiliates share information like browser cookie IDs, mobile device IDs, hashed email addresses, demographic or interest data, and content viewed, or actions taken on a partner-website or app. Some of the ad partners also enable Twitter to collect similar information directly from their website or their app.
What about jurisdictions?
The policy states, “Twitter does not sell your personal data. We’ve updated our Privacy Policy to make this clear, and also clarified how we protect your data when it is transferred outside the country you reside in."
This could be an area of contention, due to different privacy laws in different nations. Twitter will probably process most of this data in either Ireland (EU) or the US (which also has strong data protection laws). There is an insistence on the part of the Indian government that private data, especially financial data, be stored and processed inside India. Remember, India doesn’t have a data protection law – your data is actually safer stored outside India.
Should you accept this update?
You seem to have no choice as of now. Much of this is boilerplate and similar to ToS other data-collecting platforms offer. The lack of a data protection law makes it easier for such a privacy policy to be all-encompassing.
How can you maximise the protection of your data within these parameters?
You can download your tweets, delete any that look sensitive, and review and remove sensitive information from your profile before the update comes into effect. Maybe you can also reset your region information, and stop sharing your location (if you share location at all) and start accessing Twitter via a VPN that places you within the EU. That may allow you to avoid accepting this new ToS.