:
Thank you very much, Mr. Chairman. Thank you, other distinguished members of the committee. It is a great pleasure to be here in Ottawa with you today to discuss the important subject of social media and protection of our users' personal information.
As some of you know, Twitter is a global communications service that was created in 2006. Since its inception, Twitter has been designed primarily to enable users to share information publicly with the world. In the short span of our company's history we've seen how Twitter can bring people closer and help them feel more connected to what's going on in the world. Twitter can be a very empowering tool for users to be global publishers and information consumers.
We've been privileged to be a platform for famous artists, such as Ai Weiwei, who, although he cannot leave China, can communicate with the world via Twitter.
Twitter has also been used as a platform for the Royal Canadian Mounted Police. They've used it effectively for community outreach, for recruitment, and for offering support to gays and lesbians who were victims of abuse and bullying.
We are very proud of the role Twitter plays in giving voice to the stories of millions of people every day.
Let me give a little context about how Twitter works. As some of you know, Twitter is a free service that allows people to publish and receive short messages, 140-character messages called “tweets”. Most people using Twitter have accounts. You sign up for an account, and you're able to follow other users. You can automatically see their tweets in your timeline, which is the stream of tweets that you see when you log into the service—although you do not need to have an account to use Twitter to see publicly visible tweets.
Because of the ease of following on Twitter, the ease of using the service as a publishing platform, we now have more than 140 million users around the world. They publish more than 400 million tweets per day in many different languages. There's a real diversity of users and interests represented on Twitter.
We've seen it used for politics and news, art, music, entertainment, sports, fashion, food, culture—you name it. We've seen politicians engaging with citizens. We've seen celebrities responding to fans. We've seen individuals seeking and obtaining redress from global companies. We've seen online literature, charitable campaigns. We've even seen calamity and natural disaster. It's been a way that we could witness what's going on in other parts of the world.
Our goal is to be the platform for the global public conversation, for the global town square that Twitter has become.
Let me talk a little bit about our approach and commitment to privacy, but let me tell you first a little bit about who I am. As you know, I'm Laura Pirri. I am one of the legal counsel at Twitter. My primary responsibility is to advise the company on some of its product initiatives. That includes data protection issues, and it includes compliance with our privacy policy.
Privacy, though, is something the lawyers in the company.... We aren't the only ones who think about it. We have a set of company values, and one of our company values is to defend and respect the user's voice, and that includes respect for the user's personal information.
Our service doesn't require a whole lot of personal information in order to use it. As I mentioned, you can use the service without actually having an account. If you have an account, you don't need to provide a real name or a street address. You don't need to provide age. You don't need to provide gender.
Also, you can protect your tweets if you don't want them to be publicly visible, although it's worth noting that most people come to Twitter in order to share information publicly. They want their tweets to be public.
Drawing on our company values, when we're launching and designing our product features, we do so with privacy in mind. For example, one of our privacy philosophies is to provide contextual notices or disclosures to users in the product at the time that they provide us with information, in order to supplement our privacy policies. I did actually listen to some of the questions that you asked previously.
One of the questions you asked was about privacy policies: do users read them and how do we know that users are aware of our privacy practices? One thing to help ensure that users are aware is to provide additional disclosures, to provide these kinds of contextual notices. Let me give you an example of how we do that. It's our “tweet with location” feature. Since I know that some of you are active users, you may know how this works, but we have a number of different notices and controls around the tweeting with location feature.
First, in order to tweet with location, you have to actually turn it on in the settings. You go to the account settings and you turn on the “ability to share location with Twitter”. Once you've turned it on, when you go to the tweet box, you'll see a location icon that's in the area where you compose your tweet. You have the option to turn location on or off on a per-tweet basis, so you can decide with each tweet whether you want to include your location in the tweet. There's also information about tweeting with location, how it works, and what it means. In addition, if you've tweeted with your location, you can also change your mind later and decide that, actually, you don't want your location in those tweets, so you can go to your account settings and remove location from your tweets without actually deleting the tweet itself.
Twitter is still a young company. It's certainly younger than the other companies you've had here. We're keenly aware that our platform must serve our users well and that we must earn their trust by providing a robust service that is engaging and also safe and secure. Let me close with an example of how we work hard at achieving that balance. I want to talk about a product launch we had earlier this year that I was involved in.
We launched a product feature to tailor suggestions for users, suggestions for accounts to follow in the service. We wanted to help them find in the service more accounts that they might be interested in. For those of you who use the service, I'm sure you know that Twitter is better when you're following people who are talking about things that you're interested in at the moment.
What we found was that we could make much better suggestions for users to help them follow accounts that they're interested in, based on the accounts that are frequently followed by other users who visit the same websites in the Twitter ecosystem. The Twitter ecosystem is all the other websites that have integrated Twitter's buttons and widgets, like our “tweet” buttons and our “follow” buttons that allow you to tweet from other websites or to follow users from other websites. We found that this was a really great way to present users with current and interesting suggestions for who to follow on Twitter.
I'm sure, as many of you know, that this is not unique to Twitter. Other services that are integrated into websites—LinkedIn, Facebook, or YouTube—also receive this kind of web visit information when users visit pages in which their services have been integrated.
We're very excited that we could make much better suggestions for users to more quickly and easily find what they're looking to follow on Twitter. At the same time, we really wanted to give users simple and meaningful choices around the collection of this information and whether it's collected and used for improving their service experience.
We are very proud to be one of the first major Internet services to implement “do not track“. We implemented it as a way for users to let us know, by setting “do not track” in their browser, that they do not want this information collected. That way we can improve their service experience by making better recommendations. I think it's important to stress that this is a “do not collect” implementation that we made, because we actually don't collect the information. There's been a lot of discussion around “do not track” and exactly how it should be implemented.
We worked collaboratively with the United States Federal Trade Commission in our “do not track” implementation. We also worked with a lot of lawmakers and advocates in the privacy community in the United States, and we were really thrilled with the praise they gave us on our implementation. It was an honour, and we were very appreciative of the kind words they had.
Although we do not have an office here in Canada, and we don't have employees here—in fact, today is our first visit as Twitter employees to Canada—we did reach out to the Office of the Privacy Commissioner here in Canada at the time we did this product launch just to let her know what our plans were and that we planned to implement this product feature and support “do not track”. We hope that our support of “do not track” shows its value as a consumer tool for privacy, and we hope it encourages wider adoption of it as a privacy preference for users.
Thank you very much.
:
Thank you, Mr. Chairman.
[English]
Thank you very much for coming. We're very pleased that you're here, because we're in the final stages of this study. I think that as legislators we're looking across party lines, though I can't speak for my colleagues over there, and I never would try to. We don't want reactive legislation. We want legislation that works so that we can allow the platforms to develop. To us, at least those of us in the New Democratic Party, the enormous possibility for democratic engagement is an essential element.
We think we have a strong privacy regime in Canada. We believe Canadians really value their privacy. They are crazy users of social media—they're all over—but they still want that balance. The question is, how do we strike that balance?
I'd like to ask you about some of the experience with Twitter, because its set-up is different from, say, Facebook's, so it has different strengths and weaknesses. Because of the anonymity features, we've seen a number of cases recently of threatened lawsuits, such as that of Lord McAlpine, who threatened 10,000 Twitter users with lawsuits over re-tweeting allegations about him.
This is certainly putting us into new territory in terms of what is libel and where libel applies. When someone says they're going to sue 10,000 people, 9,000 of them for re-tweeting something that damaged someone's reputation, how does Twitter work with that? Do you say you have to bring a production order to get the data on these anonymous names? Some of them might be obvious, but the vast majority will have an anonymous handle, so how does Twitter deal with those kinds of situations?
:
Thank you very much, Mr. Chair.
Thank you, Ms. Pirri, for being here. Welcome to Canada. We're glad to have you here for those of us who are rabid tweeters, not as rabid as Kady O'Malley is in the back there, but some of us like to send lots of tweets out. We even have our friends like Mr. Angus, who used to do it and then decided to quit.
I didn't know about this Politwoops thing so I think that's kind of interesting. It might give me something to do on the plane on the way home tonight back to Mississauga.
This has been a fascinating study. I think all members of the committee, regardless of whether they're government members or opposition members, have really gotten a lot out of this. I think our goal on this whole thing is to make sure we don't stifle the creativity and the innovation, and what Canadians want out of social media, because they clearly want it. They're using it, they believe in it. It's an important communication vehicle for them through their friends, through their colleagues, and so on. But I think we want to make sure that we're also having a strong balance to make sure people's privacy is protected.
My oldest daughter is 13. She tweets, and I'm always worried, concerned as a father to make sure that her personal, private information is not part of it. Most of her tweets are fun little things. I think it's innocent and it's all good, but as a father I worry.
Have you been able to come up with policies within the organization to make sure that younger users of the service...? It's great for adults to send something out, or violate their own privacy. We're adults. We should take some responsibility. But when you have a 13-year-old daughter, you are concerned. You want to make sure she has some latitude and freedom to enjoy communicating with her friends through an excellent social medium, but you also want to make sure that their privacy is being protected. Do you differentiate in users around younger users of the system and people my age and others who really should know better in what they're sending and how their privacy is being protected?
:
Thank you, Mr. Chairman.
[English]
Thank you to our guests for being here. I appreciate it.
[Translation]
I am also on Twitter. As well, I am a member of Parliament who believes in the democratic process around the world, in the free flow of information and in freedom of expression. This is very important. It helps us improve our world and our planet, but at the same time, it raises some questions for me.
I've been listening to you from the beginning, and I have some concerns. I'm thinking of the role Twitter played when some regimes were challenged. It was a passive participation, but the free flow of information weakened some regimes. You are not the only ones, because there are other networks.
You have been very successful and you have been a victim of your own success. Given how much you have expanded, have you brought about mechanisms to protect yourself from people who are very disturbed by your very existence and who might engage in computer attacks? Of course, I am referring to what happened in January and May 2009 with regard to certain individuals. In that case, individuals were involved, but my question has to do with much bigger actors, who have a lot more money.
[English]
Do you want me to say it in English?
Chairman Dusseault, Vice-Chairman Andrews, Vice-Chairwoman Davidson, and members of the committee, thank you for the opportunity to share Acxiom's perspective. Also, thank you for the opportunity to do it via video conference.
First, let me say that, as a global company, protecting privacy has been a priority for Acxiom for decades especially in countries unlike Canada where the laws do not cover all of the uses of personal data. We as a company pride ourselves on following all the legal obligations in each country where we source data. I also want to point out that when consumer data is properly used it can make significant contributions to the economy, and the growth and stability of an economy.
For 40 years Acxiom has been a market leader in responsibly providing innovative, computerized marketing services and a complementary line of data products to help our clients deliver better products and services smarter, faster, more cost effectively, and with less risk. Our global revenues are in excess of $1 billion annually. Our computerized marketing services are over 80% of worldwide revenues and our data products are less than 20%.
While in other countries we do provide a wider range of products and services, in Canada we only provide business and consumer telephone directory products amounting to just under $1.5 million in annual revenue. Acxiom does not have a physical presence in Canada. Instead, we deliver and support our Canadian business from our headquarters in Little Rock, Arkansas, here in the U.S.
Acxiom's Canadian business and consumer directories are licensed to companies and non-profit organizations for their internal use as an automated and inexpensive form of directory assistance or for direct mail and telemarketing purposes. Our directories are also licensed to companies that host directory search engines on the Internet for both consumer and commercial use. In these instances Acxiom's listings may be merged with telephone listings from other sources by our client. Many of the sites that license our directories display on the side the reference, “Data by Acxiom”. Our clients receive updated replacement directories on a periodic basis, some monthly, some quarterly, and others less frequently. These directories contain published business and consumer listings from printed telephone directories and additional listings available from directory assistance. They also contain Canadian census data that has been appended to the listings. We also flag all consumer records that have registered with the Canadian Direct Marketing Association through their do-not-call and do-not-mail suppression services. All clients who use the directory for telemarketing purposes must also use the Canadian national “do not call” list to block calls if the company does not have an existing business relationship with the consumer.
For our Canadian consumer directory, we offer consumers the ability to have their listing removed or, in other words, opt out, at no charge. For our Canadian business directory we offer the ability to remove or correct an inaccurate listing at no charge. In addition, if the business so requests, for a fee, we will publish a corrected yellow or white page listing to all our clients who get our business directory. Business owners and consumers can contact us by calling our consumer care department at a 1-877 number here in the U.S., which works in Canada. They can also opt out of our directory products by going online to Acxiom's corporate website, www.acxiom.com, and completing an opt-out request form. We also ask any client who uses our data to refer a consumer to us who asks about the source of the data. Opting out removes the listing from the next monthly maintenance cycle for the directory and our clients receive the update in their next scheduled update cycle. We also inform consumers who want to have their data removed from the Internet that they should contact the directory search engines directly. If they want their data removed more quickly then the site will receive an update from Acxiom.
This is a wise step to take, because there are other providers of such directories, and the search engine may not have gotten the listing exclusively from Acxiom.
As I hope our comments illustrate, Acxiom has a culture of respecting consumer privacy, and where laws exist, of honouring the obligations the law places on us and our clients in using personal data. Informational hearings such as this one are very helpful in informing all parties about how personal information can be appropriately used.
Mr. Chairman, I appreciate the opportunity to appear here today and am available to provide any additional information the committee may request.
Thank you.
:
Yes. Let me start with Canada, because it's pretty simple, and then I'm happy to describe what we do in the U.S., which is far more complex.
In Canada, we match name and address and telephone number, because these are telephone directory listings and we have a phone number for every record.
We append census data to that based on geography.
We would take your census file, which is at a geographic level, and then we would append census characteristics to the individual record. If someone were using it for direct marketing purposes or telemarketing purposes, they would have more information about the individual than just their name, address, and phone number. That's a fairly simple process.
In the U.S. and in other countries, we will match names and addresses. We will match telephone numbers when we have them. When we're not dealing with directories exclusively, we may have records that do not have a telephone number on them.
We would use the highest, most accurate information we have available in the record. Part of our matching algorithm—I think it's something that any good data company that collects and assimilates data from multiple sources needs to do—is to have quality standards related to the data integration or data matching.
For instance, take an initial; my name might come in from one source as “J.” Glasgow, or it might come in as “Jennifer” Glasgow. If I lived in an apartment building, I might have the street address but be missing the apartment in one record. We would go through a data hygiene process to try to standardize and clean up, to the degree we can, any inconsistencies in the address or misspellings of maybe street names or other things like that. Then we would match records together to try to determine if we have information about the same person or household from multiple sources that could be integrated together to build a composite of information.
That's how we get, as the earlier member discussed, up to 1,500 different data elements on one individual and household.