He believed that Twitter was recording device info and timestamps when people clicked the shortened links, and that it was technically feasible for the company to gauge someone’s approximate location. This was about exercising a “right to understand” what Twitter is doing with that info, Veale added.
Twitter has declined to comment. However, it’s new to GDPR disputes — Facebook and Google have faced complaints for a while. It could prove costly if the DPC and the EU’s Data Protection Board find that Twitter has violated the GDPR, though. It’s unlikely that Twitter would face a severe punishment, as officials would have to determine that this was a particularly serious violation. It could, however, force Twitter to comply with similar requests in the future.