Midway through last year, Twitter moved data control for all non-EU citizens to Ireland in the EU. Twitter then declared its subsidiary, ‘Twitter International Company’ to be a data controller in the EU for all non-US citizens. This brought it under EU Data Protection law.
A few weeks ago on 30/01/2016, a French man won a case in a Paris appeals Court that he could sue Facebook for suspending him,
The Witchfinder comments on how users can use EU law to assert their rights on Twitter.
So last week I was suspended from Twitter. All of my accounts were simultaneously suspended. There was no explanation – no ‘you are a spammer / meanie / aggressive follower’. I assumed the most likely reason was my article criticising Motherboard Associate Editor Sarah Jeong for doxing a rape victim, although this later turned out to be incorrect when they finally did give reasons.
Annoyed, I started to look up the applicable law. At first I despondently thought it would be California law – readers will recall my dispute with the Block Bot last year. They said they were immune because Twitter held its servers in the US.
Much to my surprise, I discovered that Twitter, per its privacy page (archive here, further archive here) moved its operations for all non-US people to Ireland and declared a data controller in April 2015. Twitter’s Irish subsidiary ‘Twitter International Company’ (TIC) is the data controller. When you use Twitter in the EU, according to its terms you are contracting with TIC and for most people this will be a consumer contract.
This is HUGE. EU law puts draconian obligations on Data Controllers like TIC and is incorporated in Irish law in a Data Protection Act almost identical to the UK one. Want to know why you were suspended? Put in a ‘subject access’ request. In the EU, all Data Controllers are required to allow users to obtain their own personal data.
If you write to Twitter and make a subject access request, it must provide copies of all its records on you within 40 days. More importantly, it must explain how your data is processed. Data Protection Law is the same throughout Europe because it is based on a European Directive that has been incorporated into EU law by each member state. In Ireland it is the Data Protection Act 1988 (as amended).
Worse (for multinational companies), a European Court recently held that if a company has a permanent representative in your country you can sue for Data Protection breaches in the Courts of your own country.
As Twitter did not seem to have a clear Subject Access process, I contacted the Irish Data Protection Commissioner. A spokesperson said,
“Companies are not in fact required to have Subject Access Request Policies in place, but are obliged to comply with any Subject Access Requests made to them.”
So I made a subject access request. I wrote a polite letter to Twitter’s General Counsel. I asked them to review the suspension or if not, turn over all records they had on me (including disciplinary records) and details of how they process sensitive information. In EU law Data Controller have to tell you if they are processing data about race, gender and / or political belief. That means filtering hashtags or users like Milo Yiannopoulos (@Nero).
Responding to subject access requests, Twitter is allowed to charge a fee of up to €6.35. The law allows Twitter to redact the names of third parties like anyone who complained about you and also its staff. However, it cannot redact what they said unless one of several narrow exceptions applies (for example, law enforcement – but that means actual law enforcement not ‘harassment’).
You are also allowed to ask how your data is used. For example, “Can you please tell me if you are using algorithms or otherwise tracking the use of hashtags like ‘#GamerGate’ or ‘Nyberg’?”
EU law requires that data be processed ‘fairly’, and all EU laws are interpreted in line with the European Convention on Human Rights (ECHR). This applies to decisions about bans. In particular, data about political opinions is ‘sensitive’, and more restrictions apply. Data must be used for a particular purpose, so the fact it is allowed for one purpose does not make it lawful to use for others.
If a company does not comply or wrongly redacts data with unreasonable excuses then after the time limit expires you can complain to the Irish Data Protection Commissioner, which can levy enormous fines and apply enforcement notices to them. In extreme cases the Commissioner can shut down the company.
Two days later – unsuspended. The explanation? They said it was all a mistake. They claimed that they had thought my personal, blog and parody account have overlapping use cases.
OVERLAPPING USE CASES? There are users on Twitter who openly admit to being attracted to children. There are jihadis. There is ISIS. PRIORITIES, PEOPLE! Even so they unsuspended me so I thought – why not let bygones be bygones?
The next day they suspended me again. I dropped a letter to their General Counsel and it was dealt with that working day. Unsuspended – and the same purported reason.
I just thought … how unprofessional. What if I was a business owner and my livelihood depended on this? The blog is non-profit but imagine if a business phone line was cut off without warning or even an explanation of what had been done wrong, and replaced by a vague, ominous automated message saying the business user had been suspended for some ‘breach of rules’.
Twitter had also at the same time suspended an API key I had made for my research application, Malleus Twitter. At this point I decided I was disgusted by the whole thing. I decided as I set out in my previous article that I no longer wished to use Twitter – at least for the immediate future. I renamed and deactivated my accounts. The traffic has been declining anyway as other users become equally disgusted.
Data Protection aside, Europe has powerful, Europe wide consumer laws. These typically allow consumers to enforce consumer contracts in their own local courts and prohibit unfair terms. It may not be obvious to some people, but the relationship between Twitter users and consumers is a contract.
One common type of unfair term is called a ‘Choice of Law’ clause. For example, both Facebook and Twitter make you agree to a term that your contract is governed by the laws of California. Putting this into context, if you use Twitter in England, you are contracting with an Irish company. How can it be reasonable to apply the laws of California?
Unfortunately for companies like Twitter, numerous consumer laws apply to override their questionable terms. For example, section 74 of the UK Consumer Rights Act 2015, says –
“74 Contracts applying law of non-EEA State
(1) If —
(a) the law of a country or territory other than an EEA State is chosen by the parties to be applicable to a consumer contract, but
(b) the consumer contract has a close connection with the United Kingdom,
this Part applies despite that choice.”
Section 62 says this –
“62 Requirement for contract terms and notices to be fair
(1) An unfair term of a consumer contract is not binding on the consumer.
(2) An unfair consumer notice is not binding on the consumer.
(3) This does not prevent the consumer from relying on the term or notice if the consumer chooses to do so.
(4) A term is unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations under the contract to the detriment of the consumer. […]”
So all the sections in Twitter’s terms about being allowed to ban you for no reason? Ink on a page.
Given Twitter’s far from transparent approach to conduct issues, I suggest that any aggrieved EU users write to them to exercise their subject access rights. This is especially important if any account you own has been unfairly suspended. (Obviously, if you did in fact do something serious like sending death threats, not such a good idea).
A model email follows, which should be sent to privacy@twitter.com and copied by letter (standard postage) to Data Controller, Twitter International Company, 42 Pearse Street, Dublin 2, Dublin, Ireland. Use the email associated with your account to avoid any identity holdups.
As a minor issue, it would also be nice if everyone would report Sarah Jeong. This author finds it incredible she is still allowed on Twitter and it underlines the emptiness of their comments on ‘Trust and Safety’.
I suggest this –
“[Your Address]
[Phone]
[Email]
[Date]
Dear Sir or Madam,
Subject Access Request – @[AccountName]
I am a Twitter user under the account name @[AccountName]. My account was was suspended on [X] and have been given no adequate reason. I hereby make a subject access request pursuant to the Data Protection Act 1988, Ireland.
Please provide all information about my account, including the reason for my suspension. It is not enough to provide a mere vague category of offence, please provide all information you hold on the reasons.
I quite understand if you wish to redact the identities of staff or any complainants because it is not my intention to use this response for retaliation.
I am especially concerned to read other users suggesting that Twitter is processing sensitive information like political belief. The Act requires you to explain how data is being processed, so please confirm whether you are processing political data like hashtags.
I would also like to express my disgust at the fact that @SarahJeong is allowed to use your platform in light of her behaviour, which as you are aware included doxing a rape victim. Her continued presence casts doubt on the character of Twitter and its senior staff and makes your claims to care about safety or respect ring hollow.
Kind regards,
[Real Name]”
I’ve been suspended four time in the last 72 hours. I just tried your method, I hope it’ll work. They given me no reaons for my suspensions
and they won’t do, the cowards! Read below my story. Nobody warned me, either. Good luck to you.
I have been “ghostbanned” from Twitter, my tweets unsearchable since Boxing Day 2015. Recently a follower of mine who retweets me and vice versa has been as well. Guilty by association? What I am unclear on is – do I write to Twitter to ask for the subject access and if so where do I contact them? Also, I spend about 6 months traveling and am in US now so can this work for me from here or do I need to be back in UK? It is killing my business and the underhanded tricks of Twitter are ridiculous. It’s sort of obvious somebody has complained as I sell Pagan goods, nothing naughty, just stuff and my friend whom has been ghostbanned sells Pagan styled memory boxes. I find it unreasonable that somebody is complaining after I’ve been on Twitter over 3 years flogging my wares. I don;t even know if it is because of complaints because Twitter hides behind their stupid policies and never tells anybody what they’re up to nor do they help you to fix the problem. Meanwhile, my sales are down the swanee. I hope you can clarify these things for me….I am ready to take Twitter on!
Emailed you, Isabella.
How do you find out if you’re really ghost banned. I believe that is the case with my acct. @jonhammsslimjim. No one ever really responds to my tweets. I’ve suspected that I’ve been trolled and tracked via my ip address. I truly believe based on some conversations I’ve had in the past that Jack and Co. are that insecure and twisted to do this someone such as myself. How to turn this into a legal action? Just not really sure.
Anyone can email me at jean.berkman@aol.com if they have any decent advice on this. I believe businesses like this should be sued for simply falsely advertising that your site is viewable when most people really don’t see your tweets. … it’s fraud or some type of business fraud as far as I can tell. Thx.
“cases doubt” should be “casts doubt”.
Thanks 🙂
This is horrifying. The administrators of a network in a nightmare scenario.
This is not how a publicly traded company ‘cleans its act’, period. Unless the place is China.
this is major
you’re either gonna get shot and this revelation scrubbed from the web in the next hours or this is gonna change twatter and the social web for the coming years
Hmmm, would this also work if you’re ghosted from youtube? I’m no UK folk, but I do live in the EU.
I tried to contact them trough a form, but no response in over a month yet…
I’ll probably try the info@google and admin@google etc e-mail accounts, (to see which one is monitored) in the future…
Yes Google is bound by EU Data Protection Law and yes if you are subject to some sanction they will have to tell you why.
Small update.
Seems the ghost ban has been removed 2 weeks after sending an e-mail 🙂
No official response yet though.
Well, spoke too soon….
Seems the channels in question had allowed me to comment, default is still ghost banned :/
Serious question: Can these requests be made by US citizens, or do we have to rely on a person from a EU country to make the requests?
I.e., could I, as a US Citizen, make the request to know if they are censoring hashtags I have participated in, or shadowbanned people I follow, or even request all data on why @Nero was banned (as I followed him)?
Unfortunately, you can only make these requests for yourself and usually only about your own data.
So I sent this off to Nero, and he said he’d read it. And boy howdy, did he:
https://www.scribd.com/document/319478581/Milo-Yiannopoulos-Subject-Access-Request#from_embed
Such delightful chaos. Lets see Twitter try to hide when EU law says they have to be transparent. hhahaha~!
As a followup, they are claiming he doesn’t count as a EU citizen anymore because he visits the US.
http://www.breitbart.com/milo/2016/08/15/slippery-twitter-tries-and-fails-to-dodge-milo-data-access-request/
Have we found any recourse for U.S. accounts?
I have a Grover Cleveland parody account (@realGroverC), and I reach out to anyone who mentions him. People love it! They make a joke to their friends about Grover, and then – poof! – there I am, making a quip, acting offended, etc. #dayMade, #bestTweetEver, #nowICanDie are a few of the replies.
Anyway – during the DNC, there were a LOT of Grover mentions, so I sent a lot of replies. No complaints that I’m aware of. Nothing spammy. I’m not even selling anything.
And now I’m ghost-banned.
If you have any advice, I’m really eager to hear it. In the meantime, we’re trying a #FreeGrover campaign @Support, but I suspect they’ll just ignore it.
@realGroverC
@UnlceAdlai
#FreeGrover
Pingback: This Week In Social Justice August 14th 2016 | I,Hypocrite
I’m running an account on which I post mainly tweets with affiliate links.
I don’t know if I exceeded in tweeting too many tweets with links, or if I have too many fake/inactive followers, or if the several lockouts happened abount 20 days ago affected my account (and many others I know as well), but in the last three weeks I noticed a sharp decline in the number of retweets I’m getting.
I discovered that my tweets cannot be seen by most of those I mention. I’m not sure if I’ m completely “ghost banned”. There are days in which my tweets can actually be seen by some accounts I mention, but the day after they cannot see my new tweets anymore. The accounts involved aren’t always the same, so it’s impossible for me to know in advance which ones wil be able to see my tweets in a given day.
I have a backup account that is not suffering this situation (yet) and if my “affected” major account mentions it, I can actually see my tweet (most of the times) from my backup through TweetDeck.
My friends and I used also to autoretweet each others tweets (tweets containing a particular hashtag) with Roundteam. Even in that case I can barely get 1 or 2 retweets from them instead of the 10+ I could get before (again visibility problems).
I also noticed I cannot see some of the tweets I’m mentioned in (whether I use Twitter Web Client, Twitter App, Tweetdeck or Hootsuite), even though Roundteam can pick up those “hidden” tweets (or at least some of them).
Even the number of new daily followers have dropped significantly (from 500/day to not more than 200/day)
I hit repetedly Twitter Support, as always to no avail (not even an autoresponse).
Right now I can get retweets almost exclusively through retweet groups or rt exchanges with single accounts (10×10). I also stopped my Roundteam (premium version) to avoid getting locked out for automated or suspected behavior.
I’m desperatly trying to find a solution, so if you have one, please contact me via email (Matthew) or reply to this post (anyone else).
If I cannot find a soultion I will probably stop mentioning other accounts and only post tweets with links in as many retweet groups I can handle and doing as many retweet exchanges I can. If Twitter is trying to prevent spamming, isn’t this a self defeating strategy?
I’m so furious. I find outrageous that the people who are running Twitter behave like mobsters sabotating their own clients without a single motivation added. No wonder the company is in bad shape.
I’m sorry for the length of this post and ecluse me for my English.
Same issue here. Banned, which they said was for having overlapping accounts. I clarified what I used each account for and offered to delete some if they returned my main account, which was six years old. They replied saying there were ‘multiple violations’ but refused to specify what they were and said they would not reply to any further messages regarding the account.