Twitter greeted its users with a confusing notification this week. The control you have over what information Twitter shares with its business partners has changed, it said. The changes will help Twitter continue operating as a free service, it assured. But at what cost?
Twitter has changed what happens when users opt out of the Allow additional information sharing with business partners setting in the Personalization and Data part of its site.
The privacy setting in question. For most users, the box is checked by default.
The changes affect two types of data sharing that Twitter does:
These changes affect users differently depending on whether they are subject to GDPR. Previously, anyone in the world could opt out of Twitters conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2). Its unclear whether the share data with business partners setting previously affected type 2 sharing, or whether Twitter sharing this kind of data with Google and Facebook is a new phenomenon.
For people protected by GDPR, type-1 data sharing remains opt-in, and type 2Twitter sharing their data with Google and Facebooknever happens at all.
To understand whats going on, we need to look at another piece of Twitter news from last year.
On August 5, 2019, Twitter announced that it had identified and fixed a couple of bugs. As it turned out, some of its privacy settings were... not setting things correctly. Specifically, the opt-outs for device-level targeting and conversion trackingthe same conversion tracking described abovedid not actually opt users out. Twitter explained at the time:
Source: An issue with your settings choices related to ads on Twitter, at https://help.twitter.com/en/ads-settings
Twitter fixed both bugs, and its privacy settings began working the way they were supposed to.
The next event happened months later, when Twitter announced its quarterly earnings. Apparently, advertisers had really appreciated the data they werent supposed to be getting. Once Twitter shut off the hose of non-consensual device information, advertisers were unhappy. And Twitter announced a substantial hit to its revenue after fixing the bugs.
That leads us to today. Twitter apparently was happy to let users opt out as long as ad spending continued to grow. But last year, the privacy bugs and subsequent fixes seem to have shown Twitter exactly how much privacy options were costing it. Now, Twitter has removed the ability to opt out of conversion tracking altogether.
Today, users in Europe maintain the same agency and control over their personal data that theyve always had. They get to decide whether advertisers can use Twitters ad tools to tie actions on Twitter to device identifiers. Everyone else has lost that right.
The reason is simple: European users are protected by GDPR. Users in the United States and everywhere else, who dont have the protection of a comprehensive privacy law, are only protected by companies self-interest. All too often, Twitter, Google, and Facebook will give users only as much control as they think they need to in order to stave off regulation and competitors, but no more. When push comes to shove, theyll protect their bottom line.
This is why it shouldnt be up to tech companies to give us privacy. We need strong data privacy laws that protect users rights to privacy, access, and control. And we need to change a system that tempts companies to sell out their users for a few points of growth.
See the article here:
Twitter Removes Privacy Option, and Shows Why We Need Strong Privacy Laws - EFF
