I know there is a lot going on at Twitter right now, but here's one more thing. Twitter is ignoring #GDPR requests from people to delete their DMs.

At the moment, when you press delete on a Twitter DM (an individual message or conversation) the DM isn't actually deleted from Twitter's servers, just your inbox view.

So people in Europe have been making requests for Twitter to blitz all their messages. It hasn't properly answered them. And now regulators are looking at it.

Full story here: https://www.wired.com/story/delete-twitter-dms-gdpr/

#Twitter #gdpr #infosec #technology #news #wired

Want to Delete Your Twitter DMs? Good Luck With That

People in Europe are making GDPR requests to have their private messages erased, but Elon’s team is ignoring them.

WIRED
@mattburgess Twitter can easily say that they don't have systems in place to physically delete the data. It is quite possible that actual deletion is only performed when the account itself is deleted.
@mattburgess I should probably send them a request to delete all my content, but keep my account - I don't want impersonation.
@juliank this is essentially where I am at with it all!

@mattburgess

Ultimately, Veale says, Big Tech companies are trying to position themselves so that they decide what people’s information rights are and what information they should provide to people. Veale highlights tech companies’ “download your data” services, which provide people with their posts, photos, and other data, but appear to avoid providing other forms of data such as analytical information. “We don’t really know the extent of information that’s collected by these companies,” Veale says. “The real core problem is that these companies disguise things that look like information rights behind fake user interfaces.”

I'm reminded of someone some years ago who requested their data from Spotify, and had to do back-and-forthing to then finally get what he wanted. And what he got was very detailed about him. Pretty sure much more detailed than what Spotify would usually give to its users requesting their data.

Michael Veale @[email protected] on Twitter

“When pushed with the GDPR, @spotify gives you a huge amount of telemetry data from their app (for me, 850mb of JSON files). Includes your A/B testing history, anything you've ever drag-dropped, connected, so on. This is how software works today.”

Twitter
@Hawlucha which reminds me of someone with a fitness tracker, where the app gave just the last week or so, and the web export had only 1 measurement per minute. GDPR request to get all data in digital form, received a disk with all data ever stored, very detailed. Conclusion: To export your data, make a GDPR request… 🙈

@mattburgess Twitter is also ignoring GDPR requests based on article 17 to delete data/account.

I filed a complaint a couple of days ago to the DPO of the state of Hesse about Twitter's behavior.

@thierolfOrg @mattburgess I don’t understand how Twitter is ever going to escape the EU.
@gpowerf
@thierolfOrg @mattburgess
They will not and will inevitably be banned. The hate speech, antisemitism and misinformation alone should do it.

@thierolfOrg
You might want to inform @noybeu as well. Add to their data point collection for the inevitable lawsuit. 😉

@mattburgess

@mattburgess I'm still really angry about all this, and probably will be for a while. Elon took something that may have been flawed but worked well, and completely trashed it. And it was all by design. Why anyone would spend $44 billion to buy something just to wreck it is something I'll never understand.

@mattburgess

"F U, regulators" will not work out well for Elmo h/t @[email protected]

I feel like if there’s one aspect people want to go after #ElonMusk’s #Twitter for, this would be the way to go. Seems like a cut and dry #GDPR violation.

I’m not sure why #Twitter is still operating in #Europe TBH, they’re ripping the platform for “disinformation” as well

@mattburgess I have a hazy memory of a Twitter engineer giving instructions for deleting DMs shortly after they got laid off, but noting that they expected the instructions to fail at some point. Maybe we're there
@mattburgess Haha I bet. My teenage daughter's login email was changed, so she can't delete her account. Appeals to Twitter are replied, basically, "Tough luck." Sooo much data they have to play with now.

@mattburgess They’re also not responding to GDPR data erasure requests to wipe account data after an account is shut down. I have the receipts if anyone is interested.

CC @noybeu

@aral
Did you file a complaint with your local DPA?
@mattburgess I'd really love it if you could request some comment from relevant US regulators, such as California's AG, who is responsible for CCPA, or the FTC with respect to the consent decree, and see what those entities have to say about Twitter's responsibility to handle data requests in their respective jurisdictions.
@JLab8 thanks for the feedback, I did look for people who might have complained under CCPA etc but didn’t find anyone by the time of writing, so focussed on Europe at that time.
@mattburgess @euroinfosec Nothing matters until it matters and then becomes a high priority but is late, and then consequences. I don’t know if his pockets are deep enough. Free jail card is expensive. SEC, Twitter, And so on….. lots of money to run away.
@mattburgess have you researched OpenAI on this? T and C say when you delete your account, data associated with it is also deleted but no more details. Strong suspicion here they simply mean outputs (e.g. images created)
@lilianedwards I haven’t looked at OpenAI in this way, but just read this and starting to think I should https://arstechnica.com/information-technology/2023/02/chatgpt-is-a-data-privacy-nightmare-and-you-ought-to-be-concerned/
ChatGPT is a data privacy nightmare, and we ought to be concerned

ChatGPT's extensive language model is fueled by our personal data.

Ars Technica
@mattburgess Does anyone know how the software for a Mastodon instance handles this?
@mattburgess what's up with the lobster

@mattburgess

I look forward to Twitter getting hit with fines amounting to 2% of global turnover per violation.

@mattburgess thanks for linking to this, I am one of them and didn't know what to do next
@coldclimate did you complain to the ICO/DPC, as these are both looking into this and more complaints will make them take it more seriously!
@mattburgess I tried to figure out how on the ICO website and gave up. Will probably give it another go
@mattburgess if things work properly as per GDPR, this should get really expensive really quick, right?