Inside Twitter’s risky plan to force users to share data riles regulators
Twitter’s risky plan for its ads business may actually end up doing more harm than good for advertisers still advertising on the social network.
What now, you say? Well, earlier this week Platformer broke the news that Twitter’s controversial billionaire owner Elon Musk wants to force users to accept personalized advertising unless they pay for a subscription service that will let them opt-out of ads.
Musk’s plan doesn’t stop there. He’s reportedly weighing whether to force users to share their location to Twitter (and its advertisers) alongside their contact phone numbers that they have already provided for two-factor authentication for ad targeting purposes.
Once upon a time — like in 2012 — this would’ve sounded fine. But these days — when consumers view privacy as they do — stuff like this doesn’t really fly. Companies can’t simply strong arm users into sharing their personal data to continue to receive a service.
It’s possible, of course, but far from easy as Musk is about to find out. Regulators already have their alarm bells ringing over Musk’s reportedly proposed plan.
The data watchdog in the U.K., the Information Commissioner’s Office (ICO) is already in touch with Twitter more broadly, though not specifically regarding this matter. “The ICO is engaged in dialogue with Twitter’s data protection officer and is continuing to assess the potential data protection impacts of any changes to the company and its online services,” according to a spokesman from the regulator.
Similarly, the Irish Data Protection Commission told TechCrunch that it is reviewing the plan. A spokesperson for the regulator told Digiday: “We are unaware of any plans for Twitter to roll this out in the EU and we would expect engagement in advance of any such plans”.
Other regulators could follow given the span of Twitter’s audience. The U.S. accounts for the bulk of the social network’s active users, for example, with a total of 77.6 million users, according to the most recent numbers. The U.K. has around 19.05 million active users.
If Musk is going to stave off regulators then he needs to nail one, key thing. He has to be able to justify to them that getting that data from Twitter users is necessary to provide the service that it’s offering. This is debatable. For example, Twitter, as a service, does not need to know the location of its users for them to tweet. But it does need that location data to serve ads to its users.
In this sense, Twitter’s location data is infinitely more valuable to the platform than whatever revenue it’d be able to make off of user subscriptions.
“Clearly, the big tech companies are more interested in your data than they are your subscription revenue, for obvious reasons,” said Russell Howe, vp of EMEA at data control business.Ketch. “But they never tell you. That’s the problem.”
This isn’t a hot take. It’s inscribed in law. Indeed, it’s the principle of data economy in the General Data Protection Regulation (GDPR) in Europe, and it’s in section 1798.121 of the California Privacy Rights Act (CPRA) in the U.S. Both of these clauses say consumers have the right to direct a business that collects personal information to limit its use. And companies should only collect this kind of information that’s actually necessary to perform a service or provide goods.
Does Twitter need your data?
“I think we can all agree that collecting this additional data is not necessary to provide the service that Twitter currently provides,” said Steffen Schebesta, CEO of Sendinblue. “Twitter, it’s working fine without all this extra data that they might collect in the future. It’s purely to optimize their profits. And sell more and more targeted ads. So I think it doesn’t comply with this particular class of GDPR. Nor CPRA.”
That said, if Musk et al did manage to fashion a very clear message about the opt-in, what data is being collected and how it is to be used, it could also become a watershed moment about consumer sentiment on privacy — for better or worse. It’s a big if.
There’s no certainty that marketers will come running back to Twitter. Sure, marketers would love the ability to target Twitter users with a new found treasure trove of personal information.
But that could come at a great cost to marketers that stretches far beyond ad dollars. Using data that’s been gained in the way Musk has proposed could be a PR disaster in waiting. Not every user is going to be OK with it. Some may even walk away from Twitter entirely. If this dismay boils over then it’s another incident of advertising making the headlines for all the wrong reasons.
“U.K and European Union regulators will respond strongly if this is implemented,” said Nigel Jones, director of The Privacy Compliance Hub and lawyer who has represented Google. “They can order Twitter not to continue if it does choose to implement such changes. However, the fines would be the strongest deterrent because if Twitter wilfully decides to act unlawfully the fines will be higher (anything up to 4% of total global turnover).”
Which is to say marketers will be wary. They will already be well aware that TikTok is in the crosshairs of the data privacy regulator in the U.K following the recent notice of intention to fine it £27 million ($33.3 million) it issued, demonstrating that action could also be taken against Twitter.
Attention on Twitter
“Twitter is already in the spotlight for allegations of poor cyber security operations, will surely come under great scrutiny for trying to rush through a one-size-fits-all approach to user consent when the rest of the world is moving towards greater restrictions,” said Jeremy Barnett, chief commercial officer at data privacy tech company LOKKER.
That’s been clear for a while. So much so that by the end of 2023, 75% of the world’s population is going to be under some form of privacy legislation, said Jones. That’s a lot of pushback against companies that were not getting someone’s active consent to share their data. Australia, China, India, and Saudi are coming up with their own spins on this stance on how to empower privacy for the individual, for example.
“You’re seeing the regulator’s bearing more teeth now,” said Howe. “What you’re starting to see now, is they’re not just going after big tech, they’re starting to go after brands for breach of true data protection liability. And so with that comes confidence, because they’re able to pass and instantiate the law that exists, which they haven’t been doing before they kind of like, let’s just get these big flagship wins.”
Correction: An earlier version of this article said the ICO had fined Twitter. It was actually TikTok. This story has been updated accordingly.