Interesting post by #Adalytics making the rounds: “Which websites are sharing data about consumers with Elon Musk’s Twitter?” (h/t @Bongolian): https://adalytics.io/blog/websites-sharing-data-with-twitter

Quick 🧵 to share thoughts, as a social media & tech startup lawyer responsible for such things at large sites in the past (not #Twitter). TL;DR: While alarming, esp. given Musk’s untrustworthiness, there are serious barriers to e.g. #Saudi or #Qatar gov vacuuming up user data in exchange for their investments. 1/x

@Bongolian As an aside, the WaPo story on which Adalytics relies, while raising valid #natsec concerns, is a bit misleading on a couple points. Onward:

1) This piece laudably digs into legal considerations (FTC etc.) in Twitter’s track record, but elides the core issue in sharing user data: At a bare minimum, you have to “say what you do and do what you say” in a Privacy Policy. What a site does w/ data is a discrete question from what data is collected in the first place. 2/x

@Bongolian Adalytics focuses on whether or not advertisers use Twitter’s more restrictive “RDU” pixel when it comes to collection, which is important to know. But it doesn’t affect limits on Twitter’s legal right (or lack thereof) to share user data with third parties who otherwise don’t have access, which is governed by the Privacy Policy and applicable law. Complying with the Privacy Policy, CCPA (for CA residents), GDPR (for EEA residents) and so forth is not optional. 3/x

@Bongolian Despite what the WaPo piece may imply, *willfully* breaching these obligations by striking a deal to sell or hand over user data en masse to, say, KSA would have dire consequences. The prior FTC consent decree puts Twitter on the hook even for unintentional violations. CCPA and GDPR (+ more states to come shortly) raise the stakes further with respect to millions of CA and European users, respectively. Investing doesn’t make any of that magically go away. 4/x

@Bongolian Here is where WaPo dropped the ball IMO:

2) The $250M figure seems like a red herring. The source WaPo quotes is likely referring to the threshold in investment documents for being a “Major Investor” or similar, as defined. It’s routine in VC/similar financing deals for those in that club to have “information rights” beyond the bare minimum of any investor: Generally ongoing info about the co’s operations (monthly or quarterly financial & other metrics, etc.) 5/x

The Post is using neutral reporting language here, but a convo with a deal lawyer (or ideally the docs themselves, which are confidential) would give important context about contractual info rights that I mentioned above. It would be *extremely* unusual for that “additional access” to include data on any individual user(s) (vs. aggregate site metrics/analytics), and unthinkable to contractually commit to delivering data the disclosure of which would violate privacy laws. 6/x

Seems like a classic journo challenge reporting on complex interdisciplinary subjects. I have no doubt they spoke with CFIUS/Treasury experts who said “these are things we’d worry about in reviewing the deal for problematic foreign involvement.” It requires going back to an experienced M&A or VC or Internet lawyer to learn the internal deal among investors is virtually certain *not* to entitle e.g. #Saudi or #Qatar governments to access granular user data protected by #privacy policy & laws. 7/x

Definitive reporting on this topic would require actually reviewing all of the (confidential) funding docs among investors to see the exact wording of info rights granted to investors at the $250M level. But it’s fair to say there was some speculation involved leading WaPo to say “the documents *could* contain X.” As I like to joke when speculating about unseen documents, they *could* also say that I won the Heisman Trophy in 1996 or am the handsomest guy on earth. 😜 8/x

But a key theme lately is that #ElonMusk has done zero to earn #Twitter users’ trust, and in fact has undermined it. He often acts like contracts or laws don’t apply to him, regardless of consequences. With his erratic & seemingly self-destructive tendencies, it’s not *unthinkable* for him to do the normally unthinkable.

The point of this thread is to add context & temper some worries. Handing user data over to foreign govts merely b/c they invested is extremely unlikely IMO, even for him. 9/9

P.S.: I probably mangled this thread. Still learning differences from doing things on the bird site. Constructive feedback welcome! And thanks for reading if you made it this far.

@antone Thread looked good to me!

@antone It was fine. Bird site was so easy compared to this, but so not worth it any longer…