by jcranmer 1474 days ago
I can't even. The potential privacy violations are the same whether you're giving the database to the other party or letting the other party come to your premises to have sufficient access to the database. No wait, I take that back: they might see (very slightly more) stuff by walking on-site.

It's the data being requested that's a privacy violation, not the place where that data is viewed.


Twitter owns the data, stop acting like it is HIPPA data. Completely unsure where you are getting this PII concern from. They could change their TOS and release everything in a plain text file if they so pleased.

It is 100% legal and ok for them to look at every piece of information they have about every account and analyze it for bot activity, or allow Elon's team to look at the same data.

First off, it's "HIPAA", not "HIPPA."

Secondly, I'm specifically responding to GP's assertion that letting people access the databases on-prem would make any privacy concerns go away. I'm expressing no opinions on the matter of whether those privacy concerns are warranted in the first place.

Thirdly, at this point, I would personally be highly skeptical that an NDA would actually provide any meaningful protection when Musk is the one signing it. His recent actions indicate to me a very high disregard for any contractual obligations he enters into, in the apparent belief that he will face zero material repercussions for anything he violates.

Thanks for correcting my spelling. But fundamentally there is no problem with anyone looking at the data with Twitter's blessing.

The comment you were referring to says "because that data includes a ton of PII."

But PII isn't a concern here. Unless we're talking about sharing usernames and passwords, there aren't really any protections in Twitter's TOS for the information you willingly provide to them.

Assuming the data includes that of Europeans, then there is a problem: users must be aware of how their data is to be used from the beginning (and must be able to opt out of data use at any time), and that data usage must be minimal. Most companies have rules against over-sharing PII between different departments, let alone sharing that data with people external to the business.

+1 to this comment.

PII doesn’t just mean usernames and passwords (which the OP seemed to suggest is the case). It’s anything — or any combination — of data that could be associated with someone and identify them.

California ALSO has a GDPR-style law that Twitter would be beholden to.

I live in the EU and Twitter has my data, any handling of that data to a new unspecified 3rd party needs to fall under GDPR guidelines. Musk can't just go to Twitter HQ and look at my data, it's illegal.

I own my data, Twitter is merely handling it. Stop with this presumption that data is Twitter's. Even California has similar provisions on data privacy.

I don’t know about the situation in the US, but the EU and other countries bound by GDPR — where Twitter operates — take PII very seriously.