Twitter is being investigated by Irish data protection authorities about how it tracks people when they click links.
The social network is under examination by the Data Protection Commission in Ireland, where the company has its European headquarters, Fortune reported Friday. The investigation was sparked by a complaint that Twitter may not be complying with strict new data privacy rules, known as GDPR, which kicked in across the European Union in May.
The case is significant because it’s the first time since the introduction of GDPR that a regulator has decided to investigate Twitter. Facebook and Google are already the subjects of multiple investigations in Europe.
Under GDPR, internet users across the EU are allowed to ask companies what data is being collected about them, and the companies are obliged to tell them. But Michael Veale, Twitter user @mikarv and a researcher at University College London, claims that Twitter isn’t playing ball.
When you post a link to Twitter, the social network uses its own tool to shorten the link to keep track of popular articles or identify malware. But what — if any — other data does it collect on users when they click? Veale wants to know but said that Twitter has refused to tell him. The company said it would require disproportionate effort to supply him with the information he wants, according to Veale.
‘The user has a right to understand,’ Veale told Fortune.
Twitter declined CNET’s request for comment.
The Irish regulator sent Veale a letter Thursday, confirming that it’s looking into his complaint and noting that the investigation will likely be handed off to the European Data Protection Board, a body set up specifically to examine potential GDPR violations.
Representatives for Ireland’s Data Protection Commission didn’t immediately respond to a request for comment.