Privacy: Twitter 'inadvertently' collected and shared location data of some users
Social media services are hardly regarded as bastions of privacy, and the latest slip-up by Twitter goes some way to showing why. Twitter has revealed that it "may have accidentally collected location data" about users, that this data was shared with one of its "trusted partners".
Twitter blames the "inadvertent" data collection on a bug, and says that the issue affects some iOS users. It also says that precise location data was not collected or shared, but zip code or city-level only.
- Privacy: Microsoft wants to (sneakily) collect more data from users via Office
- Privacy: HMRC forced to delete 5 million unauthorized voice recordings of UK taxpayers
- Privacy: Facebook 'unintentionally' scraped and uploaded 1.5 million users' email contacts
Twitter is quick to point out that not only was the data collection accidental, but that it affects only a portion of iOS users in certain circumstances -- specifically those who have added a second Twitter account to the mobile app and enabled the precise location in one or them.
Through its Twitter Support account, the company said:
Due to a bug in Twitter for iOS, we inadvertently collected and shared location data (at the zip code or city level). We have fixed the bug, but we wanted to make sure we shared more of the context around this with you. More here: https://t.co/n04LNt62Sa
— Twitter Support (@TwitterSupport) May 13, 2019
Going into more detail in a blog post, Twitter says:
You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.
Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.
The post continues:
Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to "fuzz" the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.
We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.
Twitter says that it has contacted anyone who was affected by the issue, so if your location data was collected and shared, you should have heard something from the company.