As a platform that sits between users and advertisers,.Twitter has the data, but doesn't own them.
Users own the data, and they have the choice to whether grant Twitter to share that data to third-parties. In other words, users are in control. Unfortunately, things have been that very way, as Twitter has discovered.
The social media said that it found and fixed two bugs related to how its platform uses users' personally identifiable information to target them with personalized ads.
According to Twitter on its announcement:
What possibly happened here:
- If users clicked or viewed ad ad for a mobile application and subsequently interacted with the mobile application since May 2018, Twitter may have shared certain data with trusted measurement and advertising partners, even if users didn't give Twitter permission to do so.
- Twitter and other services since September 2018, may have shown users ads based on inferences it made about the devices users use, even if users did not give Twitter permission to do so.
The company acknowledged that the problem has been around since at least May 2018, just when GDPR data protection regulations went into the effect in the European Union.
We recently discovered and fixed issues related to your settings choices for the way we deliver personalized ads, and when we share certain data with trusted measurement and advertising partners. We want to share more context around this with you: https://t.co/jDn5zeWVwU
— Twitter Support (@TwitterSupport) August 6, 2019
According to Twitter, the social media fixed the issues on August 5, 2019, although it didn’t explicitly state how many users were affected..
"We know you will want to know if you were personally affected, and how many people in total were involved. We are still conducting our investigation to determine who may have been impacted and If we discover more information that is useful we will share it."
The disclosure comes months after the microblogging site fixed a similar bug that gave away users’ approximate location information to some Twitter partner.
These problems should be a violation to GDPR requirements, which mandates companies to seek users’ explicit permission before ever tracking them or processing their personal data.
Twitter in admitting that it went ahead and processed users' data without their consent, inadvertent or not, is a clear breach of users’ preferences and privacy.
"You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again," apologized Twitter.