In May of 2018, a new law took effect in European Union called General Data Protection Regulation (or GDPR) which allows EU citizen to request any data collected by a company on them.
A UK privacy researcher from University College London named Michael Veale made a request to Twitter for any data collected by the Company’s link shortening service.
The company claimed that it had collected no data from the link shortening service, t.co.
Veale thought that the company was holding back some of his data and he wrote to the relevant privacy regulator about this.
This request sparked an investigation and Privacy regulators in Ireland have now launched an investigation over how much data is collected by Twitter from its link shortening service, t.co.
This was first reported by Fortune on Friday that investigation had started against Twitter. The privacy regulator sent a letter to Veale which states that:
“The DPC has initiated a formal statutory inquiry in respect of your complaint. The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the [Irish Data Protection] Act have been contravened by Twitter in this respect.”
The link-shortening service of Twitter, t.co, was designed initially to save characters space in a limited space of a tweet. This service has also been useful to gather analytics for a certain link and fight against malware. It helps users to avoid opening a link that has malware.
But this link shortening service when used in private messages also has a privacy risk as no one knows how much data is collected by Twitter when this is used in private messages.
The Irish Privacy regulator also said to Veale that it is looking into his complaint against Twitter and the investigation will be handed to Europen Data Protection Board (EDPB) which examines GDPR violations.