[jcranmer]

First off, it's "HIPAA", not "HIPPA."

Secondly, I'm specifically responding to GP's assertion that letting people access the databases on-prem would make any privacy concerns go away. I'm expressing no opinions on the matter of the first place of if those privacy concerns are warranted.

Thirdly, at this point, I would personally be highly skeptical that an NDA would actually provide any meaningful protection when Musk is the one signing it. His recent actions indicate to me a very high disregard for any contractual obligations he enters on, in the apparent belief that he will face zero material repercussions for anything he violates.

[jklinger410]

Thanks for correcting my spelling. But fundamentally there is no problem with anyone looking at the data with Twitter's blessing.

The comment you were referring to says "because that data includes a ton of PII."

But PII isn't a concern here. Unless we're talking about sharing usernames and passwords, there aren't really any protections in Twitter's TOS for the information you willingly provide to them.

[MrJohz]

Assuming the data includes that of Europeans, then there is a problem: users must be aware of how their data is to be used from the beginning (and must be able to opt out of data use at any time), and that data usage must be minimal. Most companies have rules against over-sharing PII between different departments, let alone sharing that data with people external to the business.

[davidbarker]

+1 to this comment.

PII doesn’t just mean usernames and passwords (which the OP seemed to suggest is the case). It’s anything — or any combination — of data that could be associated with someone and identify them.

[mrguyorama]

California ALSO has a GDPR style law that twitter would be beholden to

[piva00]

I live in the EU and Twitter has my data, any handling of that data to a new unspecified 3rd party needs to fall under GDPR guidelines. Musk can't just go to Twitter HQ and look at my data, it's illegal.

I own my data, Twitter is merely handling it. Stop with this presumption that data is Twitter's. Even California has similar provisions on data privacy.