Twitter Privacy Changes: Behavioural Tracking

Users of Twitter around the globe have been receiving emails from Twitter HQ informing them of new features being released. One important feature mentioned allows Twitter to target users with content or features based on the behavioural data collected about Twitter users from third-party websites. Twitter intends to collects data about the other websites visited by their 140 million active users, when those websites have integrated Twitter buttons or widgets.

Here is the text of the email received today, where the announcement regarding recent privacy changes and their new Tailored Suggestions are almost treated as a side note:

New things are always happening here at Twitter HQ. We’re growing at a rapid pace, and our commitment to simplicity, transparency, and reaching every person on the planet continues. We thought you might be interested in knowing about some of our most recent developments:
  • new weekly email that delivers the most interesting news and items you might have missed from the people you’re connected to on Twitter.
  • Now Twitter is in more languages than ever. Check for your preferred language and change your setting.
  • Download the latest Twitter mobile apps at
  • There’s more to Discover on – try out the new Discover tab.
In addition, we’ve made a number of updates to our Privacy Policy and Terms of Service.
Here are some of the main changes to our Privacy Policy, with links for more information:
  • We’ve provided more details about the information we collect and how we use it to deliver our services and to improve Twitter. One example: our new tailored suggestions feature, which is based on your recent visits to websites that integrate Twitter buttons or widgets, is an experiment that we’re beginning to roll out to some users in a number of countries. Learn more here.
  • We’ve noted the many ways you can set your preferences to limit, modify or remove the information we collect. For example, we now support the Do Not Track (DNT) browser setting, which stops the collection of information used for tailored suggestions.

There are a number of potential privacy problems with this new behavioural tracking and targeting by Twitter:

Privacy Problem 1 – Awareness

Most Twitter users would have assumed that Twitter only knew you visited any particular website if you actually interacted with the embedded Twitter button on that website. However, Twitter is gathering data about websites you visit, even if you don’t click on the Tweet button. This is significant since nearly every website today hosts integrated Twitter buttons or widgets. Now, Twitter admits it is gathering all that data about users’ web browsing on other websites and storing it against their personal profiles.

Your web  browsing history – “visits to a third-party website that includes a Twitter button or widget” –  is stored against your personal data (name, date of birth, location, email address) for 18 months. They will stop using the data to tailor content to you after a “maximum of ten days”.

Privacy Problem 2 – Usage

Initially Twitter suggests that it gathers the data in order to improve Twitter. One specific use they highlight is to suggest people you might want to follow who are frequently followed by other Twitter users that visit the same websites as you. There is little other information available about how they intend to use the information in future. It can of course be assumed that the information about your online behaviours will be very valuable for future targeted advertising or content suggestions.

Twitter do make clear that they will share your personal with other service providers who “perform functions and provide services to us in the United States and abroad”. So the usage of your data is not protected by the laws of a particular jurisdiction, but by the contracts that Twitter will have in place with company in various parts of the world. Let’s hope that those contracts are robust.

Privacy Problem 3 – Opting Out

Twitter asserts that they have “noted the many ways you can set your preferences to limit, modify or remove the information we collect”. However there is no opt-in to the service and even though many users have already received individual notification that the service is now live, they are not presented with an option to opt-out. It is unclear if individual users will be notified once this feature has actually been enabled for them.

Twitter makes heavy reference to the “Do Not Track” standardized Internet privacy initiative that has been heavily promoted by the U.S. Federal Trade Commission. However, this is a blanket browser setting that does not make it possible to specifically instruct Twitter to not collect data about the other websites you visit. Furthermore, this facility is not available on all web browsers, so some users will not be easily able to stop Twitter or any other website from gathering browsing behaviour data today.