Ireland's privacy watchdog engages with Twitter over access to journalists' data
Elon Musk's desire to stir up conspiratorial shit by giving certain outsiders aligned with his conservative agenda access to Twitter's systems and data could result in the richest man in the world world in a serious doodoo with regulators on both sides of the Atlantic.
In recent days, this access granted by Musk to a few outside journalists has led to the release of what he and his cheerleaders claim is an expose of the platform's previous approach to content moderation.
Thus far, these releases of "Twitter Files", as he called them, have been a wet squib in terms of newsworthy reveals - unless the idea that a company with high volume of user-generated content A) employs trust and safety personnel who discuss how to implement policies, including in B) rapidly changing situations where all the facts about content items may not be not yet established; and C) also has moderation systems in place that can be applied to reduce the visibility of potentially harmful content (instead of removing it) is a particularly wild newsflash.
But these heavily amplified data dumps could still create tough news for Twitter — should Musk's tactic of opening up its systems to outside journalists come back in the form of regulatory penalties.
The Irish Data Protection Commission (DPC), which is (at least for now) Twitter's main data protection regulator in the European Union, is asking Twitter for more details about the data protection issue. access to external data.
“The DPC was in contact with Twitter this morning. We are talking to Twitter about this to establish further details,” a spokeswoman told TechCrunch.
Earlier today, Bloomberg also flagged concerns about the pond over third-party access to Twitter user data — citing tweets from former Facebook CISO Alex Stamos, who said publicly that a Twitter thread posted yesterday by one of the reporters Musk had access to "should be enough for the FTC to open an investigation into the consent decree."
Twitter's FTC consent decree dates back to 2011 and relates to allegations that the company misrepresented the "security and privacy" of user data for several years.
The social media company was previously fined $150 million in May for violating the order. But future penalties could be much harsher if the FTC finds it flagrantly violating the terms of the agreement. And the signs are ominous, given that the FTC already warned Twitter last month – warning that "no CEO or company is above the law".
Another consideration here is the European Union's General Data Protection Regulation (GDPR), which contains a legal requirement that personal data is adequately protected.
This is called the security principle — or "integrity and confidentiality" — of the GDPR, which states that personal data must be:
processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and privacy").
Handing over user data (and/or access to systems that could expose user data) to non-staff members for review may therefore raise questions about whether Twitter is fully Compliant with the GDPR security principle. There is another question to consider here as well: what legal basis does Twitter rely on to pass (non-public) user data to third parties, if at all.
At first glance, Twitter users would hardly have knowingly consented to such extraordinary treatment under its standard terms and conditions. And it's unclear what other legal bases might reasonably apply here. (The Twitter Terms invoke contractual necessity, legitimate interests, consent, or legal obligation, in various ways, with respect to the processing of users' direct messages or other non-public communications depending on the processing scenario. - but which of these bases would be appropriate, if indeed it is, to transmit this type of non-public user data to non-employees who are neither Twitter service providers nor entities such as law enforcement, etc. , is debatable.)
He was asked his opinion on this,
Elon Musk's desire to stir up conspiratorial shit by giving certain outsiders aligned with his conservative agenda access to Twitter's systems and data could result in the richest man in the world world in a serious doodoo with regulators on both sides of the Atlantic.
In recent days, this access granted by Musk to a few outside journalists has led to the release of what he and his cheerleaders claim is an expose of the platform's previous approach to content moderation.
Thus far, these releases of "Twitter Files", as he called them, have been a wet squib in terms of newsworthy reveals - unless the idea that a company with high volume of user-generated content A) employs trust and safety personnel who discuss how to implement policies, including in B) rapidly changing situations where all the facts about content items may not be not yet established; and C) also has moderation systems in place that can be applied to reduce the visibility of potentially harmful content (instead of removing it) is a particularly wild newsflash.
But these heavily amplified data dumps could still create tough news for Twitter — should Musk's tactic of opening up its systems to outside journalists come back in the form of regulatory penalties.
The Irish Data Protection Commission (DPC), which is (at least for now) Twitter's main data protection regulator in the European Union, is asking Twitter for more details about the data protection issue. access to external data.
“The DPC was in contact with Twitter this morning. We are talking to Twitter about this to establish further details,” a spokeswoman told TechCrunch.
Earlier today, Bloomberg also flagged concerns about the pond over third-party access to Twitter user data — citing tweets from former Facebook CISO Alex Stamos, who said publicly that a Twitter thread posted yesterday by one of the reporters Musk had access to "should be enough for the FTC to open an investigation into the consent decree."
Twitter's FTC consent decree dates back to 2011 and relates to allegations that the company misrepresented the "security and privacy" of user data for several years.
The social media company was previously fined $150 million in May for violating the order. But future penalties could be much harsher if the FTC finds it flagrantly violating the terms of the agreement. And the signs are ominous, given that the FTC already warned Twitter last month – warning that "no CEO or company is above the law".
Another consideration here is the European Union's General Data Protection Regulation (GDPR), which contains a legal requirement that personal data is adequately protected.
This is called the security principle — or "integrity and confidentiality" — of the GDPR, which states that personal data must be:
processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and privacy").
Handing over user data (and/or access to systems that could expose user data) to non-staff members for review may therefore raise questions about whether Twitter is fully Compliant with the GDPR security principle. There is another question to consider here as well: what legal basis does Twitter rely on to pass (non-public) user data to third parties, if at all.
At first glance, Twitter users would hardly have knowingly consented to such extraordinary treatment under its standard terms and conditions. And it's unclear what other legal bases might reasonably apply here. (The Twitter Terms invoke contractual necessity, legitimate interests, consent, or legal obligation, in various ways, with respect to the processing of users' direct messages or other non-public communications depending on the processing scenario. - but which of these bases would be appropriate, if indeed it is, to transmit this type of non-public user data to non-employees who are neither Twitter service providers nor entities such as law enforcement, etc. , is debatable.)
He was asked his opinion on this,
What's Your Reaction?
