Authorities have launched an investigation into a GDPR complaint made against Twitter, after a researcher claimed the social media network refused to comply with his request to view his own data.
Michael Veale, a privacy researcher at the University College London, was concerned about additional data collected about Twitter users who click on links made by its link-shortening service, t.co.
Under GDPR, people are allowed to ask companies to provide a copy of the data they collect on them, as well as how they amend, move and delete that information. Organisations found to have breached GDPR can be fined up to €20 million (£15.1 million), or 4% of their annual revenue – whichever is higher.
But Veale said Twitter was “misinterpreting the text of the law,” and should not be allowed to use the rule in order to obscure data transparency.
Veale complained to the Irish Data Protection Commission (DPC), which responded in a letter saying that it would investigate Twitter. The European Data Protection Board is handling the investigation.
The letter read: “The DPC has initiated a formal statutory inquiry in respect of your complaint.
“The inquiry will examine whether or not Twitter has discharged its obligations in connection with the subject matter of your complaint and determine whether or not any provisions of the GDPR or the (Irish Data Protection) Act have been contravened by Twitter in this respect.”