Twitter ruffled more regulatory feathers in the European Union by rolling out a much-criticized paid verification feature without notifying its top data protection watchdog in advance, despite previously saying so.
The product, known as Twitter Blue, lets users pay to get a market of blue checks into their account – mimicking the look and feel of the platform’s legacy verification feature offered before the company’s takeover by Elon Musk last year – as well as access to a suite of additional features, such as the ability to edit tweets, undo tweets and get prioritized in conversations.
Talk to ReutersIreland’s Data Protection Commissioner Helen Dixon said: ‘We are a bit more concerned this week now that we see the blue tick subscription service rolling out here in EU countries after reassured that it was not going to deploy in the EU and certainly not until there were discussions with our office.
The Data Protection Commission (DPC) told TechCrunch it continues to engage with Twitter about this, but declined further comment.
The Revised Subscription Product spear shortly after Musk took over the company last fall – after the new billionaire broom said he would open access to blue checkmarks for a fee. However, Musk was soon forced to put the launch on hold after verification chaos ensued.
The product was later relaunched in December – initially in the US, Canada, UK, Australia and New Zealand – with manual checks in place aimed at combating the widespread identity theft that had hosted v1.
Since then, Twitter has continued to expand access to Blue. In January the subscription offer was made available to users in Japan. Then at the start FEBRUARYit was open to more paying users – including the first European Union countries, plus additional international expansions, including for users in Saudi Arabia, India, Brazil and Indonesia. So it looks like it took the DPC about a month to realize that a European deployment was happening without them getting the promised notice.
Twitter Blue rollouts in EU countries have ramped up significantly over the past month. So the regional rollout is clearly not an oversight by any “hardcore” Twitter staffer. (According to this listing on a Twitter product pagethe subscription offer is now available in France, Germany, Spain, Italy, Portugal, Netherlands, Poland, Ireland, Belgium, Sweden, Romania, Czech Republic, Finland, Denmark, Greece, Austria, Hungary, Bulgaria, Lithuania , Slovakia, Latvia, Slovenia, Estonia, Croatia, Luxembourg, Malta and Cyprus.)
A key problem with Musk’s approach is that turning the blue tick into a paid feature undermines its usefulness as a verification signal. It also risks turning the platform into a megaphone for those willing/able to pay for reach, as they get greater amplification of their responses in conversations compared to non-paying users, whose opinions they can drown out. .
Still, it’s important to note that Musk has refined the initial (utter) chaos of his Blue relaunch – by launch of a range of additional products check marks and free symbols (in different colors), including to indicate corporate accounts and corporate affiliations or government accounts. (But good luck trying to single out Verified Journalists on Twitter – some of whom now seem to have had legacy checkmarks asserted as “notable” under the new regime; while others don’t and if you click the one of those legacy blue checks (indistinguishable from paid blue checks), you may still encounter an unhelpful note that reads: “This is an old verified account. It may or may not be notable.”)
Although there is no legal requirement for Twitter to notify its main European data protection regulator of incoming product launches, it is considered best practice – at least where concerns exist (as they say). have done since Musk’s verification restart) – and Twitter backtracking on an explicit promise to do so is clearly frowned upon in Dublin.
There’s another important consideration here – related to Twitter’s ability to continue to streamline its regulatory risk under the EU’s General Data Protection Regulation (GDPR), as it currently does, by not processing ( mainly) only with the Irish watchdog on data protection issues, rather than having to enter incoming calls from each relevant DPA across the block where its service is used.
Twitter can do this because it claims a “primary establishment” in the EU, Ireland, which allows it to take advantage of the GDPR’s one-stop-shop mechanism. However, as we have previously reportedmaintaining this status quo requires it to continue convincing the bloc’s regulators that a decision-making function vis-à-vis EU users actually exists in Ireland. And any unilateral move by Twitter’s US management that pushes risky products across the EU without keeping the DPC informed risks undermining the status of its Irish entity. So if Musk keeps this bossy operating mode it could bring down the whole carefully constructed legal facade, giving it a whole host of costly GDPR issues.
It will certainly be interesting to see whether the DPC’s “increased contact state with Twitter” (as Dixon told Reuters), during the unnotified blue rollout, leads to a meaningful reboot of Twitter’s approach in the EU – or, um, not.