Twitter has ruffled more regulatory feathers in the European Union by going ahead with a rollout of a much criticized paid verification feature without informing its lead data protection watchdog ahead of time — despite previously saying it would.
The product, known as Twitter Blue, lets users pay to get a blue check mark on their account — mimicking the look of the legacy verification feature the platform offered prior to Elon Musk’s takeover of the company last year — as well as access to a suite of additional features, such as the ability to edit tweets, undo tweets and get prioritized ranking in conversations.
Speaking to Reuters, the Irish data protection commissioner Helen Dixon said: “We’re a little bit more concerned this week now that we see that the blue tick subscription service is rolling out here in EU countries having been reassured that it wasn’t going to roll out in the EU and certainly not before there have been discussions with our office.”
The Data Protection Commission (DPC) told TechCrunch it’s continuing to engage with Twitter on the matter but declined further comment.
The revised subscription product launched soon after Musk’s takeover of the company last fall — after the new billionaire broom said he would open up access to the blue check marks for a fee. However Musk was quickly forced to pause the launch after verification chaos ensued.
The product was then relaunched in December — initially in the U.S., Canada, the U.K., Australia and New Zealand — with manual checks in place aimed at combating the rampant impersonation that had greeted v1.
Since then Twitter has continued to expand access to Blue. In January the subscription offering was made available to users in Japan. Then, in early February, it was opened up to more paying users — including the first countries in the European Union, as well as additional international expansions, including to users in Saudi Arabia, India, Brazil and Indonesia. So it appears to have taken the DPC about a month to realize that an EU rollout was happening without it being given the promised notice.
Rollouts of Twitter Blue to EU countries have amped up considerably over the past month. So the regional rollout is clearly not an oversight by a ‘hardcore’ Twitter staffer. (Per this list on a Twitter product page, the subscription offering is now available in France, Germany, Spain, Italy, Portugal, Netherlands, Poland, Ireland, Belgium, Sweden, Romania, Czech Republic, Finland, Denmark, Greece, Austria, Hungary, Bulgaria, Lithuania, Slovakia, Latvia, Slovenia, Estonia, Croatia, Luxembourg, Malta, and Cyprus.)
A key issue with Musk’s approach is that turning the blue check mark into a paid feature undermines the usefulness of it as a verification signal. It also risks turning the platform into a megaphone for those willing and able to pay for reach — since they get greater amplification of their replies in conversations versus non-paying users, whose views they may be drowning out.
Still, it’s important to note that Musk refined the initial (total) chaos of his relaunch of Blue — by launching a range of additional free (different colored) check marks and symbols, including to denote business accounts and company affiliations or government accounts. (But good luck trying to distinguish verified journalists on Twitter — some of whom do now appear to have had legacy check marks affirmed as “notable” under the new regime; while others have not and if you click on one of these legacy blue checks (indistinguishable from paid blue checks) you can still encounter a useless note that reads: “This is a legacy verified account. It may or may not be notable.”)
While there is no legal obligation on Twitter to forewarn its lead EU data protection regulator of incoming product launches, it is considered best practice — at least where concerns exist (as they have from the start of Musk’s reboot of verification) — and Twitter rowing back on an explicit pledge to do so is clearly being viewed dimly in Dublin.
There’s an additional important consideration here — related to Twitter’s ability to keep streamlining its regulatory risk under the EU’s General Data Protection Regulation (GDPR), as it does currently, by (mostly) dealing only with Ireland’s watchdog on issues of data protection, rather than having to field inbound from every concerned DPA across the bloc where its service is in use.
Twitter can do this because it claims a “main establishment” in the EU, in Ireland — allowing it to tap into the GDPR’s one-stop-shop mechanism. However, as we’ve reported previously, maintaining this status quo requires it to keep satisfying the bloc’s regulators that a decision-making function vis-à-vis EU users actually exists in Ireland. And any unilateral decisions taken by Twitter’s US-based leadership which push risky products out across the EU without keeping the DPC in the loop risk undermining the status of its Irish entity. So if Musk keeps up this authoritarian modus operandi it could bring the whole carefully constructed legal facade crashing down — landing him with a whole host of expensive GDPR problems.
It will certainly be interesting to see whether the DPC’s “heightened state of contact with Twitter” (as Dixon put it to Reuters), over the un-notified Blue rollout, leads to a meaningful reboot of Twitter’s approach in the EU — or, er, not.