Several Twitter users noticed a change in their service Tuesday. It wasn’t obvious to most, and might not represent a significant difference. Eric Schonfeld of TechCrunch managed to capture one of the redirect links.
If you look at this link, it turns out that twitter is redirecting to bit.ly. Apparently, these links previously were completely handled by bit.ly. bit.ly is a “simple link shortener”, that “offers URL redirection service with real-time link tracking”. In addition, it includes a complete history of links shortened. Why would Twitter look to track links when they have a perfectly working relationship with their URL redirection provider?
At 140 characters, tweets don’t provide much past commentary. While you may update your location or time of arrival in such a small space, you won’t be writing War and Peace or unveiling details of the latest scientific finding. You do use it to add a bit of social commentary to a YouTube video – “check this out, it’s funny”, or “shhh, don’t tell wifey” while sending a picture.
Tracking links fits in to the company’s long term goals, where Twitter will provide business services including market research and customer prospecting. Information analysis only works when you hold the data. In order to provide some of the analytical services, such as which marketing tweets are promoting customer interest, Twitter will need to pull the bit.ly services in house.
Twitter may slice, dice and distribute any information you put into their system to anyone, anywhere.
all of which activities will take place in the United States. If you reside outside the U.S. your personally identifiable information will be transferred to the U.S., and processed and stored there under U.S. privacy standards. By visiting our Site and providing information to us, you consent to such transfer to, and processing in, the US.
Twitter is very clear that all information collected and processed occurs in the United States. This allows citizens of the European Union and other like minded countries notice that they are opting in to monitoring and marketing – the protections afforded by local EU Data Protection Directive style laws will not apply.
Information Collection and Use
Our primary goals in collecting personally identifiable information are to provide you with the product and services made available through the Site, including, but not limited, to the Service, to communicate with you, and to manage your registered user account, if you have one.
“The Service” is quite broad, and likely includes provisions for third party tracking and marketing (i.e. bit.ly). Obviously, when Twitter introduces their own business services, this will extend “the Service” definition.
Information Collected Upon Registration. If you desire to have access to certain restricted sections of the Site, you will be required to become a registered user, and to submit certain personally identifiable information to Twitter. This happens in a number of instances, such as when you sign up for the Service, or if you desire to receive marketing materials and information. Personally identifiable information that we may collect in such instances may include your IP address, full user name, password, email address, city, time zone, telephone number, and other information that you decide to provide us with, or that you decide to include in your public profile.
This section does imply that you must opt-in to receive marketing materials. Obviously, anything placed on a public profile is not longer private, but apparently information it will not be disclosed. Your user ID is not considered PII.
Additional Information Your full user name and your photo, if you decide to upload one … you may provide additional information in the profile section, including but not limited to your bio, your location, as well as your personal web site, if you have one. Providing additional information beyond what is required at registration is entirely optional, but enables you to better identify yourself and find new friends and opportunities in the Twitter system. If you activate the mobile phone options per the Terms of Service at www.twitter.com/tos, we will collect your cellular phone number account information. … If you contact us by email through the Site, we may keep a record of your contact information and correspondence, and may use your email address, and any information that you provide to us in your message, to respond to you.
Again, anything provided past the required registration username is optional, but will be recorded and associated with the non-identifiable information Twitter collects.
Use of Contact Information In addition, we may use your contact information to market to you, and provide you with information about, our products and services, including but not limited to our Service. If you decide at any time that you no longer wish to receive such information or communications from us, please follow the unsubscribe instructions provided in any of the communications.
This suggests an opt-out for marketing and additional product information. This seems like it may be in conflict with the earlier opt-in statement.
Log Data When you visit the Site, our servers automatically record information that your browser sends whenever you visit a website (“Log Data” ). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click. For most users accessing the Internet from an Internet service provider the IP address will be different every time you log on. We use Log Data to monitor the use of the Site and of our Service, and for the Site”™s technical administration. We do not associate your IP address with any other personally identifiable information to identify you personally, except in case of violation of the Terms of Service
Here’s the part directly affecting bit.ly and the new click redirect service. You do not own the clicks – Twitter will record your Log Data, and although not directly associated with your PII, your IP address could be put together with your user ID, which does not constitute PII.
Like many websites, we also use “cookie” technology to collect additional website usage data and to improve the Site and our service…
Google recently faced scrutiny regarding their behavioral advertising using cookies, and Facebook’s Beacon program, which used a more nefarious technique, caused quite a stir late in 2008.
Information Sharing and Disclosure
Service Providers We engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance, customer relationship, database storage and management, and direct marketing campaigns. We will share your personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your data.
This is where bit.ly (for now) comes in. PII will be transferred, and the information updates will likely flow down to these third parties. It does not mention anything regarding third parties updating Twitter’s information.
Our Policy Towards Children
The Site is not directed to persons under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at privacy at twitter dot com. We do not knowingly collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with personal identifiable Information, we will delete such information from our files.
Twitter, as well as any other online business, must follow the Federal Trade Commission’s COPPA, the Children’s Online Privacy Protection Act. The idea being children will easily share much more information than necessary, potentially placing themselves in danger.
CIPP Candidate Preparation
In preparation for the Certified Information Privacy Professional exam, a privacy professional should be comfortable with topics related to this post including:
- Introduction to Privacy: Privacy as a factor in business risk management (Foundations: I.C.a.i.2), Elements of Effective Privacy Management (Foundations: I.G.b.i) and Threats & Vulnerabilities
- Online Privacy: Cookies (III.B.g.i) and Web Beacons (III.B.g.ii)