Twitter has said that users’ private data may have been shared with advertisers, after admitting that glitches in its systems continue to subvert data protection standards.

In the spring, the social media site divulged how a software problem meant a user’s location data could end up being shared with a Twitter ad partner in the course of the real-time bidding (RTB) auction process.

In a blog post, Twitter explained how it had located the bugs and was working to fix issues with ad settings that may have led to user choices over privacy not being implemented.

Although Twitter says the issues were fixed last week, no details have been given regarding when the company discovered that user data was being processed without proper consents being in place.

The first security hitch concerns tracking ad conversions. Should a user click or view an advert for a mobile app on Twitter, and then interact with that app, Twitter said it “may have shared certain data (e.g., country code; if you engaged with the ad and when; information about the ad, etc)” with ad partners, whether or not the user in question had agreed for their information to be passed on in this way.

Twitter also highlighted a leak problem that has been continuing since the GDPR came into being last year on May 25th. Under the data laws, data breaches must be disclosed to potential victims and regulatory bodies within 72 hours of suspicious activity being discovered. In light of this standard, Twitter could be in danger of being hit with a substantial fine.

Twitter also admitted that users may have received targeted ads since September 2018 based internet behaviours that were tracked whether or not tracking permissions had been given by the users in question. The confession could land Twitter in further hot water with regulators in Europe.

Twitter said:

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so.

“The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.,” it added.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus