Twitter on Monday announced that it is revamping its policies around the world to comply with online privacy laws in California and the European Union, a complicated process that will leave some users with more safeguards around their personal information than others.
For most users around the world, Twitter is tweaking its policies to better comply with the incoming California Consumer Privacy Act (CCPA), a tough set of privacy protections that goes into effect in January 2020. The controversial California law requires tech companies like Twitter to share information about what they know about users and offer users more opportunities to see and delete the data that tech companies have collected about them.
But Twitter will hold users in the European Union (EU) to a different privacy standard, the Twitter standard. The Twitter International Company will provide services to users in the EU, while Twitter Inc. — a separate entity based in San Francisco — will handle the accounts of users in other countries and the U.S.
Previously, the Dublin, Ireland-based Twitter International Company provided services to all Twitter users outside of the U.S. But now, in order to ensure that Twitter does not have to comply with European privacy rules all around the world, it will place those users under the U.S.-based Twitter Inc.’s jurisdiction.
In its policy update on Monday, Twitter said it hopes to “test features and settings” globally that would not be allowed under Europe’s tough privacy rules, the General Data Protection Regulation (GDPR). The company did not specify exactly what its engineers hope to test out.
“Over the last 18 months and based on initial learnings from our global privacy research project, we know that different people want different experiences — ‘one size does not fit all’ when it comes to things like personalization,” Twitter said in its December blog post. “So in order to do that, we need to have flexibility to test a range of controls. Europe’s latest privacy law is still relatively new but early interpretations don’t appear to provide that flexibility.”
“By moving some people’s relationship to Twitter, Inc., we have greater freedom to test features and settings and provide people with the controls that meet their needs and expectations,” Twitter wrote.
In order to provide better insight into how it uses data, Twitter also announced a new website to compile all of its privacy policies into one location, pledging that it will offer “a destination to provide more clarity around what we’re doing to protect the information you share with us.”
The world’s largest tech companies lobbied aggressively against the California and European laws, both of which would place limitations around how they monetize the reams of personal information they collect from their billions of users worldwide.
And now that both sets of privacy protections have either gone into effect or will become law soon, companies are taking different approaches to offsetting the inevitable costs of complying with them. For example, Microsoft in May agreed to follow Europe’s GDPR as it builds products around the world, and then announced that it would follow California’s standard across the U.S. until lawmakers come up with a federal comprehensive privacy law.
Twitter is responding to the competing laws by essentially geofencing EU privacy rights within the EU while improving its privacy practices worldwide.
“This is unique from what I’ve seen so far,” Caitriona Fitzgerald, the policy director of the Electronic Privacy Information Center, told The Hill on Monday.