News

Twitter: Personal data may have been used for ad targeting without permission

The social media site said it had found and fixed issues with its website which may have
The social media site said it had found and fixed issues with its website which may have The social media site said it had found and fixed issues with its website which may have

Twitter has revealed it may have used some people’s personal data to target them with advertising without their permission because of issues within the platform’s settings.

The social media giant said it had recently discovered issues in its website where settings choices may not have worked “as intended”, resulting in some gathered data being used to personalise advertising.

Twitter said it fixed the issues on August 5.

In a blog post discussing the problems, Twitter detailed how, in one case, data may have been shared with advertisers despite not receiving user permission to do so.

“If you clicked or viewed an advertisement for a mobile application and subsequently interacted with the mobile application since May 2018, we may have shared certain data (eg, country code, if you engaged with the ad and when, information about the ad, etc) with trusted measurement and advertising partners, even if you didn’t give us permission to do so,” the company said.

The second issue involved targeting users with adverts based on the device they used, the firm added.

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so,” Twitter said.

“The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.”

The number of people affected by the issues has not been disclosed.

Strict new data laws – the General Data Protection Regulation (GDPR) – were introduced in the EU last year and include requirements for firms to be more transparent about data issues and report any breaches in a timely fashion to avoid potential penalties, including large fines.

In a statement, the Irish Data Protection Commission – Twitter’s data supervisor in Europe – confirmed it had “received a breach notification” from Twitter and was “assessing the information provided”.

Twitter also apologised for the incident.

“You trust us to follow your choices and we failed here,” the company said.

“We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again.”