Ready for the new Google Consent Mode v2? Learn more »
General

Twitter and privacy?


This should be ‘tweeted’ to you via consent management

The up to 280 characters that were typed with the good old SMS just a few years ago are now being tweeted more and more often: This is the only way to explain that the successful American microblogging service Twitter has almost 330 million active users per month. Lively debates have been initiated under various #hashtags in recent years, which impressively demonstrates the communicative reach of this platform. The content is published worldwide immediately after typing. Data protection plays a role even before that!

Mobile homepage of Twitter on mobile

#Twitter GDPR: You can read that in this article

It is clear that the data mainly runs via servers in the USA and therefore extends beyond European data protection . This shows that website operators should take a very differentiated view of Twitter and the GDPR . This guide is a start:

  • What is Twitter’s position on data protection?
  • Is Twitter GDPR Compliant?
  • To what extent does Twitter collect cookies?
  • What do I have to do to meet the legal requirements of data protection?

Take seven minutes to read the most important questions and answers about Twitter and data protection.

Twitter and data protection: The most important things from this guide in a nutshell

  • The General Data Protection Regulation (GDPR) and an ECJ ruling require explicit consent for the use of personal data in virtual space.
  • In 2017, Twitter adjusted data protection with a view to the GDPR. However, it can be assumed that personal data will be used in the USA.
  • If you want to integrate a Twitter plugin in compliance with the GDPR, you should use static links or links that explicitly refer to external content and service providers before they are loaded.
  • Cookie Consent Management has also become an important task for website operators with regard to the integration of social media: Consentmanager is a powerful tool for leaving nothing to chance in terms of data protection law.

Twitter and data protection: The processing of personal data starts with the registration

If you register as a user on Twitter, you give up rights to the processing of your data . The only question is whether you have any influence and whether you can decide which data usage you want to consent to (or not). This is where the topic of Twitter and GDPR comes into focus: Without a doubt, Twitter collects user data. Due to the General Data Protection Regulation, which has been in force since 2018, the short message service is obliged to obtain the consent of users for the processing of personal data .

What applies to users or website operators who embed or link to tweets? This guide will examine the topic of Twitter and data protection in a differentiated manner and present a functional solution for the Twitter and data protection field of action in the form of the Consent Manager.

Ist Ihre Webseite konform? Finden Sie es heraus mit unserer Checkliste

Checkliste herunterladen

Twitter and GDPR: Get clear on the initial situation

Twitter itself says in its guidelines that tweets are public communications . Once a tweet has been posted, it can be shared or embedded without infringing on the privacy of the originator. Sharing, retweeting or embedding are part of the business model in this respect. With regard to Twitter and data protection, it always becomes problematic when personal data is used unknowingly or without consent.

By registering with the short message service Twitter, the company is enabled to process data in the United States. Regardless of data protection in Europe, the data is processed in the USA for advertising purposes, after all, this is where the company earns a large part of its money. In the USA, the data is also processed using Google Analytics, so that consent is required in view of the strict requirements of the General Data Protection Regulation. Twitter itself states that it commissions services for such purposes. Twitter and data protection should therefore be viewed holistically and beyond one’s own national borders . As far as legally compliant use in this country is concerned, tools such as the consent manager can ensure a high degree of security.

Various popular social media applications like Twitter, Linkedin, Facebook on one phone screen

Hashtag on our own behalf: What does Twitter say about #data protection?

A look at Twitter’s statements on cookies and data protection shows that the company emphasizes transparency above all. However, that alone is not enough for legally compliant operation, because this transparency must be implemented technically flawlessly at all times . Specifically, according to the judgments of the European Court of Justice, this means that users must be able to explicitly consent if personal data is collected or stored. The new data protection regulations that have been in effect at Twitter since mid-2017 should be seen against this background.

Twitter’s new options for privacy?

With this update, Twitter wants to give users more options overall about the use of personal data. Twitter’s privacy policy explicitly mentions wanting to give users more control. With the privacy settings, users can now more specifically determine which services they want to allow and to what extent. Many users don’t take the time to check the privacy settings section after registration. However, they should do this in order to become aware of the extent of possible data use.

What does Twitter say about data usage?

Twitter declares that it receives personal information even if you as a user only look at tweets and do not actively type. First and foremost, the IP address and the device used should be mentioned here. Users can decide for themselves whether they want to share additional information such as telephone numbers, e-mail addresses or contacts from the address book with Twitter. The platform affirms using such information for account security and to display more relevant tweets. This clearly shows the extent to which personal data can be used . At the same time, this raises the question of how Twitter can be integrated in a GDPR-compliant manner.

 

Stay up to date!

Subscribe to Newsletter

Legal background: Judgments of the European Court of Justice (ECJ)

Twitter states that it updated its privacy policy with a view to the General Data Protection Regulation applicable in Europe. The privacy of users should be protected as best as possible in the future. Article 13 GDPR stipulates that website operators must provide comprehensive information if personal data is to be collected or stored. This is exactly where a consent management tool like Consentmanager comes into play, which allows website visitors to consent or reject data collection to the declared extent.

Twitter and Cookies: Explicit consent is required

With regard to data security and the legally compliant operation of a website, the topic of cookie consent management has played a central role at least since the introduction of the strict General Data Protection Regulation. Users must be able to explicitly agree or reject the collection of cookies to a declared extent. If you want to embed tweets on your website, you also have to create this basis with a view to data security. With the Consentmanager, consent management can be implemented professionally and, above all, in compliance with the GDPR. For website operators, such a powerful tool offers an immense additional security of action.

Use Twitter plugin GDPR compliant: These are the framework conditions

Many companies operate Twitter accounts to inform customers about news and to promote corporate communication with maximum digital reach. A Twitter icon is often statically integrated on the actual website, which leads to the Twitter profile. This procedure is harmless from the point of view of data protection, because Twitter and Co. cannot collect any personal data when you visit your own website. From a technical point of view, a static link is the safest solution for solving Twitter and data protection for your own website in the most resource-saving way possible.

Graphic of the Twitter Bird logo

Integrate Twitter plugin GDPR compliant? Consent would be required!

On the other hand, it becomes problematic under data protection law if a social media plugin such as Twitter feed is integrated on your own website. Technically, it is very easy to integrate a code on the homepage. The data protection problem can be seen in the fact that tracking codes are also included , which can pose a threat to the privacy of users. Such plugins always transmit data, which means that there is an immediate need for action from the point of view of data protection. Even website visitors who are not registered with Twitter can be affected. Data such as the IP address could be collected automatically and without the consent of the person, which cannot be reconciled with the applicable data protection.

Twitter Plugin & GDPR: These are possible solutions for website operators

As the website operator, you would no longer have data protection control over this content. To be on the safe side, you should delete such plugins and only refer to a Twitter profile with a linked image. Otherwise, an extended data protection declaration is necessary, or you have to ask visitors before loading this content for their consent that data is transferred to external service providers at this point. At the latest since the judgment of the European Court of Justice, it seems urgently necessary to include a data protection declaration or a link to it on one’s own Twitter profile.

A so-called 2-click solution is also possible to connect Twitter and the GDPR: buttons are inactive until users consciously activate them. Until then, no exchange of personal data such as the IP address can take place.

The problem of shared responsibility in the digital space

Section 26 GDPR speaks of joint responsibility. This case always occurs when plugins are used or tweets are integrated. The data protection declaration should be adapted in this regard, since the legal situation is not completely clear. However, operators can and must implement a GDPR-compliant solution for their own website. Finally, let’s take a look at what this can look like and what advantages a powerful consent management tool like Consentmanager opens up.

With the Consent Manager, Twitter can be integrated in compliance with the GDPR

Up to this point, you could understand that Twitter gives more transparency to data protection with more configurations for the user. However, this in no way relieves website operators from the obligation to indicate the use of data in the case of the integration of plugins.

Anyone who does not integrate Twitter with a static link on their own website will have to point out that the data is used by external service providers before the data is loaded. In order to be able to operate your own website including Twitter in compliance with the GDPR, the topic of cookie consent management has come into focus since the judgment of the European Court of Justice. As a website operator, you can use the Consentmanager to take all the necessary precautions to combine Twitter and data protection in a legally secure manner. This also applies in particular if you use Google Analytics to optimize your website . With a consent management banner that appears, you ensure that website operators are comprehensively informed, can consent to the use of data or make personal configurations.

Professionalize Twitter and data protection with Consentmanager

With Consentmanager you are relying on a field-tested and customizable solution that implements the legal requirements of the General Data Protection Regulation. Apart from the security of action under data protection law, you ensure a positive user experience by integrating the consent manager. Studies show that professional cookie consent management leads to higher acceptance and longer retention times. The exemplary handling of personal data builds trust, which can have a positive impact on the image. With a consent management provider, you not only invest in the legal security of your website, but also in the measurable (!) performance. The real-time overview allows you to specifically analyze the current performance and draw conclusions for optimization .

Twitter and data protection: Nothing must be left to chance when it comes to being legally binding

Especially with a view to the topic of Twitter and data protection, the international reach quickly becomes clear. If your website is internationally oriented and reaches users from all over the world every day, a functional multilingual solution can be used with the Consent Manager. The central banner for data protection will automatically appear in the respective national language in the GDPR area. The consent manager is perceived as an important part of the website thanks to automatic adjustment and customization options. It shows every visitor that you as the operator are living up to your responsibilities. Twitter and privacy are a complex challenge. With a tool like the Consentmanager, this challenge can be mastered technically quickly and reliably.

FAQs on Twitter and data protection: You might also be interested in this

Complete anonymity will not be possible in the digital space, since data is always being exchanged. If you want to give a meaningful answer to this question for your Twitter account, you should check the settings under ‘Privacy and Security’. The ‘Protect my tweets’ option can be selected under ‘Target group and tagging’, which provides the best possible protection for the account.

Since a ruling by the European Court of Justice in 2019, website operators have had to provide comprehensive information about the data they collect with regard to the cookie directive. Consent must be obtained for the processing of collected data. This can be done automatically with the banner of the consent manager. Positive side effects of integrating a cookie consent manager are the increase in the length of stay and the generally higher level of acceptance.

Consent management has become a central task for all website operators at least since the introduction of the new General Data Protection Regulation. Consentmanager helps to organize the collection or storage of personal data in a legally compliant manner. To do this, users must explicitly give their consent or object to the stated scope of data collection.

When integrated with a static link, no personal data is passed on. If a Twitter plugin is to be operated in compliance with the GDPR, an adjustment to the data protection guidelines is required, as is the explicit note that data is passed on to service providers when loading this external content. With a public profile, the tweets or content can basically be viewed and used by everyone.

By registering, users decide whether to share their tweets publicly or for a defined area including personal data. This is simply structurally due to the fact that data is processed in the USA, among other places, where the GDPR is not relevant for Twitter. Twitter and data protection are therefore to be seen across borders. In response to tightening laws in Europe, Twitter redesigned data protection in 2017 with new guidelines. The short message service itself speaks of more transparency and configuration options for users in the area of privacy. There, users can configure data protection on Twitter.


more comments

EDPB opinion on pay or consent model
Legal, News

The latest decision of the EDPB on “consent or pay” models for online platforms

The Dutch, Norwegian and German (Hamburg) regulators asked the European Data Protection Board (EDPB) for guidance on whether large online platforms can implement ‘consent or pay’ models for behavioural advertising based on valid and freely given consent. This was prompted by Meta’s introduction of a subscription model in October 2023, where users were given the […]
New regulations US 2024
Legal

New US data protection laws come into force in 2024: Update your US-specific privacy settings

In the United States, new data privacy laws will take effect in the second half of 2024 – in Florida, Texas, Oregon and Montana . Companies that operate in these states or have customers in these states will need to review their data privacy practices to ensure compliance with the new data privacy laws. To […]