Twitter's New Tailored Suggestion Service Raises Questions
UPDATED JUNE 5, 2012 TO REFLECT FEEDBACK FROM TWITTER, NOTED IN BOLD BELOW
The buzz words in privacy over the last few months (really much longer than that) have been “Do Not Track,” particularly in regard to joint efforts by browser companies and the FTC to introduce "Do Not Track” (DNT) options. Twitter is just the latest company to adopt a DNT browser option, indicating in a blast email to all Twitter users that the setting is now available for implementation if a user so chooses. Interestingly, a much less publicized setting was also presented in that same email blast: Twitter’s new “tailored suggestion feature.” Applications and widgets created by Twitter will begin to collect data about Twitter users from third party websites that feature those products. This is an entirely new feature from Twitter, and is being implemented as a default option for both new and existing Twitter users.
The addition of the service has drawn the attention of Congress, with Representatives Joe Barton (R-TX) and Cliff Stearns (R-FL), both members of the Bipartisan Privacy Caucus and the House Committee on Energy and Commerce, recently sending a letter to Twitter asking for clarification on numerous issues relating to the tailored suggestions program, and its interaction with Twitter’s commitment to the DNT browser option. The Congressmen seek clarification on how Twitter purports to honor a user’s choice to opt-out of targeted advertising and data collection using the DNT browser option, while simultaneously collecting user information from third party websites under the tailored suggestions program. Further, the letter asks for a broad overview of Twitter’s data collection, retention, and disposal methods. Twitter has until June 15th to respond to the Congressmen’s inquiries.
Takeaways? Remains to be seen. But, as always, organizations making changes to privacy policies should not implement them in an ad hoc manner. In addition to consulting with all internal stakeholders for accuracy and anticipating future use cases that might require additional changes, companies need to consider whether changes are material and/or retroactive, and craft appropriate mechanisms for notifying (and, as applicable, obtaining the consent of) users to such changes.