Twitter Would Sell Database to Highest Bidder
I was reading through Wikipedia’s article on Twitter, and was a little unnerved upon reading that:
Twitter collects personally identifiable information about its users and shares it with third parties. Twitter considers that information an asset, and reserves the right to sell it if the company changes hands.
So I opened up Twitter’s privacy policy, and found the section detailing their stance on users’ personally identifiable information. Here it is:
Twitter may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.
The phrasing regarding what happens if Twitter goes through a merger or is acquired by another company is pretty typical of most websites’ privacy policies. It makes sense that if the company switches hands, so does the information – so long as the data will be used only to continue providing the original service. The scary part is that if you take out the “typical” phrasing of Twitter’s stance on releasing your information to a third party, you wind up with this:
Twitter may sell… all of its assets, including your personally identifiable information, in connection with a… sale of assets or in the event of bankruptcy.
It’s unnerving that Twitter considers its users’ names and mobile phone numbers “assets”. This phrasing simply translates to “when we close down, we will do the only thing with your information that will get us some last-minute money: we will sell your information to whichever shady company is willing to fork over the most cash”.
How much does a database containing millions of mobile phone numbers go for these days? Especially when it is known that every phone number in the list is active and capable of receiving SMS. There are many companies who would pay a very handsome sum to get their hands on such a gold mine. Should Twitter ever go under, be prepared to run the risk of receiving SMS spam from companies who not only have your number – they’ll also have your name, and whatever other data Twitter may be collecting.
That’s why I have an email account just for twitter, if anything happens I delete it ;)
That is nuts. I never realized that. Very useful. Thank you!
A little scary, but, “You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.” Now, doesn’t Twitter’s t&c also say they won’t use your info to contact you with sales, etc? I think it does. Therefore, if they sold the #s, under the quoted passage users would be able to opt-out I think.
-K
@atlaswriter
The words “opt out” should be the words jumping off the page to anybody that reads that. Systems that expect users to opt out are inherently pro-corporate and are not a good thing for users. Who would agree to allow a company to simply sell their personal information for profit? I would bet that number is extremely low, if not non-existent.
Yet if a company sends out a single email to each of its users with instructions on how to opt out, how many will be able to successfully complete the required work necessary to opt out? What if instead of including an opt out link in said email, the company provides a snail mail address and expects users to pay postage in order to send in written notice requesting opt out status? Or a landline phone number in a specific state: how many would foot the bill for a long distance phone call to opt out?
How large is the time frame for opting out? Will users only have 24 hours to opt out? Maybe a week? What happens to people who are on vacation and don’t receive the notification in time? How about those who fail to receive the notification and the opt out instructions (perhaps the email is lost or filtered as spam)?
The most dangerous part of opt out systems from a user’s perspective is that if a user cannot successfully opt out for any reason, the company claims it was the user’s “choice” not to. Inaction should never be an acceptable form of obtaining a person’s signature.
If Twitter thinks that an opt out system is adequate and gives users a fair shot, why not do the opposite? Upon closure of the site, send all users an email asking if they’d like to *opt in* to having their personal information included in the sale. If users are “choosing” not to opt out, then surely the exact same number of users would similarly choose to opt in, no? Opt out preys on people failing to execute the needed steps. More people are likely to fail to opt out than they are to accidentally opt in. Twitter’s depending on this.
[...] read an article tonight from frickenate entitled ‘Twitter Would Sell Database to Highest Bidder‘. He noticed a few alarming statements within Twitter’s Privacy Policy. Including : [...]
[...] Twitter to sell user data to highest bidder? (Via: @twitter_tips) [...]
Great page. Will come back soon!!
[...] meer op: http://frickenate.wordpress.com/2009/04/19/twitter-database-for-sale/ var addthis_pub = 'syndicat'; var addthis_language = 'en';var addthis_options = 'email, [...]