Twitter discloses a bug impacting collection and sharing of location data on iOS devices

Twitter’s online Help section has the following notice:

You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.

Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.

Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to “fuzz” the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.

We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.

We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us.

We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day.

If you have any questions, you may contact Twitter’s Office of Data Protection through this form.

As an aside, I note that Twitter lets you upload files or attachments to the data protection form or inquiry but doesn’t let you upload files or attachments if you’re complaining about your personal information being exposed by a Twitter user.  If they can let users upload files for data protection inquiries, why not for data protection complaints about users?

About the author: Dissent