Twitter for Business FAQ

1. What is Twitter’s approach to the GDPR?

Twitter complies with current EU data protection law, and will comply with GDPR. We understand that our advertisers, partners, suppliers and other stakeholders all have a requirement to comply with the Regulation. Twitter cannot advise you* as to whether you are GDPR compliant. However, Twitter has users and advertisers that span the globe, so we are working to ensure that our services comply with GDPR, and that advertisers around the world can continue to use our advertising products and services after GDPR takes effect on 25 May 2018. Advertisers should review our Privacy Policy and Master Services Agreement, which will be updated, before continuing to use our advertising services after the GDPR comes into effect.

 

2. How does Twitter comply with the legal requirements for transferring data?

Our services are primarily designed to help people to see what’s happening around the world. As a global service, we have developed global data practices designed to ensure that our customers’ information is protected. Twitter International Company, an Irish commercial entity, is the controller of our data outside of the U.S., so if you are outside of the U.S. and you share data with Twitter, you share it with Twitter International Company. Today, Twitter International Company processes data in accordance with applicable Irish law and after 25 May 2018, it will do so in compliance with both the GDPR and Irish domestic law.  Additionally, Twitter International Company has Data Transfer and Processing Agreements with Twitter, Inc., in the U.S., and its affiliates, which allow Twitter, Inc., to process personal data.  Twitter, Inc., is also certified under the Privacy Shield framework. For additional information, please review  Twitter’s Global Operations and Data Transfer information.

 

3. Is Twitter a data controller or a data processor?

In general, Twitter is the controller of data we use as part of our advertising services. Additionally, Twitter is the data controller for data derived from activity on Twitter. Where Twitter is the controller, we use that data in accordance with our Privacy Policy.

In some instances, Twitter may be your data processor. For example, when you upload a tailored audience to Twitter, we act as your data processor. You are the data controller of that audience, and as such, you are responsible for ensuring that you have an adequate basis to process the data, including to transfer it to Twitter for processing.    

Twitter’s controller and processor activities are determined by the terms governing your use of our advertising services and our Privacy Policy, both of which will be updated accordingly before 25 May 2018, and will be made available for your review prior to that date.

 

4. Twitter ads products after May 25, 2018

A. How does the Tailored Audience Program work with the GDPR?

Advertisers are the controller of any tailored audiences uploaded to Twitter, and Twitter is a processor of that data.  As such, our Tailored Audience Program T&Cs require advertisers that upload a tailored audience to provide sufficient notice and obtain requisite consent before providing us with this data. To comply with our obligations as the processor of that data under the GDPR, we will be updating the legal terms that govern the use of this program.  

B. How does the Twitter pixel work with the GDPR?

Twitter is the controller of data it receives through the Twitter pixel and through mobile app conversion tracking partners. Twitter requires advertisers to have notice and consent mechanisms in place in connection with their use of this program, as described in our Conversion Tracking Program T&Cs.

 

5. What terms are going to be updated?

Twitter will be updating various terms including in instances where Twitter is your data processor, and for controller to controller transfers.  We will also update our Privacy Policy to comply with the GDPR.  

 

6. Is there a map of Twitter data that can be shared?

While we don’t have a map of Twitter data we can share publicly, our Privacy Policy describes how we collect, store, use, and share personal data.  Please note that our Privacy Policy will be updated ahead of 25 May 2018 to be GDPR compliant.

 

* “You” or “your” in these FAQs refers to our advertisers, partners, suppliers and other stakeholders.