
Twitter Is Being Formally Investigated Following a GDPR Complaint - octosphere
http://fortune.com/2018/10/12/twitter-gdpr-investigation-tco-tracking/
======
kevin_b_er
There's an additional delicious irony here. These companies have headquartered
themselves in Ireland for tax dodging purposes. Carefully legal through loop
holes, but tax dodging. Except they must still abide by the law of the place
their tax shelter is. Which means GDPR compliance. I have no sympathy for
Twitter here.

~~~
rahimnathwani
"These companies have headquartered themselves in Ireland"

According to Twitter's most recent 10-Q, filed with the SEC:

\- The company is registered in Delaware

\- The principal place of business is on California

If the parent company is registered in Delaware, and its stated principal
place of business is Market Street, how can it be headquartered in Ireland for
corporation tax purposes?

~~~
Someone
“Twitter International Company” has its headquarters in Dublin.

[https://en.wikipedia.org/wiki/Twitter](https://en.wikipedia.org/wiki/Twitter):

 _”In 2015, following an updated terms of service and privacy policy, Twitter
users outside of the United States are legally served by the Ireland-based
Twitter International Company instead of Twitter, Inc. The change made these
users subject to Irish and European Union data protection laws”_

------
vertex-four
Amusingly, I can’t actually read this article because Fortune’s website isn’t
actually GDPR compliant - there’s an interstitial with no way of either opting
into or opting out of data processing.

~~~
weberc2
GDPR-noob/American question: how does that violate GDPR?

~~~
qball
As I understand it, you need to provide a functional way to opt out of
tracking, and access to a service must not be blocked if you do not opt into
the tracking. There's a bunch of other stuff (i.e. if you request the data a
website has on you they have to hand it over, and if you request your
information be deleted they have to actually do it within reason) but that's
the gist of it.

Naturally, this results in a bunch of sites geoblocking European users- why
would any sane person or company spend server time on people who can no longer
legally pay you for accessing it?

But then again, protectionism is one of the two main goals of GDPR (the idea
is that EU folks will be forced to read European sources that follow EU law);
the other is getting American tech companies to pay their taxes in a way they
can't just dodge by moving to Ireland.

Privacy's just the fig leaf over it all- while it's a nice side-effect of the
law it most certainly was not the primary goal.

~~~
vertex-four
Believe it or not, you can display adverts without processing personal
information. Magazines, TV, billboard companies, do it all the time.

------
badwolf
So he wants Twitter to tell him every single link he's ever clicked on.

This seems like someone intent on finding something to complain about. An
annoying effect of GDPR.

~~~
fatnoah
>The company refused to hand over the data it recorded when Veale clicked on
links in other people’s tweets, claiming that providing this information would
take a disproportionate effort

He's asking Twitter for what additional data Twitter stores in response to
clicking on Twitter-shortened links. This is perfectly in line with the spirit
of GDPR. That said, we're going to have a long road and huge mess as a result
of the ambiguity that exists at so many levels and there will be lots of legal
tests.

FWIW, I led the GDPR compliance effort for a SAAS product and our strategy was
mostly to stop storing or processing anything we didn't absolutely need AND to
make sure we could generate necessary audits to provide that information in
response to customer inquiries. Here, it sounds like Twitter dropped the ball
or didn't go through the effort to be compliant.

