Digital platforms

Twitter, Inc.

Rank: 1st
Score: 53%

Headquartered in the United States, Twitter is a microblogging and social networking service with an estimated 340 million users worldwide. Twitter also offers targeted advertising services and developer tools.

Twitter earned the top spot among digital platforms, disclosing more than all other platforms about policies affecting freedom of expression. In 2020, the company took a number of steps to control disinformation on its platform ahead of the U.S. presidential election, including by banning political advertising. It made headlines in early 2021 after banning then-U.S. president Donald Trump for violating platform rules. This decision sparked concern among civil society about Twitter’s ability to enforce its content rules consistently. Nevertheless, our research showed that Twitter reported more data about what actions it took to enforce its platform rules, such as removing content or suspending accounts, than any of its peers. It also stood out for its transparency about its handling of government demands to censor content. Although it had one of the highest privacy scores after Apple, it did not disclose enough about security policies. This is especially noteworthy in light of Twitter’s major security breach in 2020, in which hackers took control of high-profile accounts, including those of Barack Obama, Joe Biden, and Elon Musk.

Key takeaways

  • Twitter reported more data about the actions it took to enforce its platform rules, such as removing content or suspending accounts, than any of its peers.
  • Twitter disclosed more data about the government demands to censor content or to hand over user information that it receives than most of its U.S. peers.
  • Twitter lagged behind on human rights due diligence. The company provided limited evidence of conducting risk assessments on government regulations but failed to show any evidence of conducting assessments in other areas, such as on its development and use of algorithmic systems or on its targeted advertising policies and practices.

Key recommendations

  • Commit to rights-respecting algorithms. Twitter should publish an explicit policy commitment to protect human rights in its development and use of algorithmic systems.
  • Conduct human rights due diligence. Twitter should conduct robust, systematic risk assessments to identify expression, privacy, and discrimination risks posed by business operations and services. The scope of these assessments should include evaluating its targeted advertising policies and its development and use of algorithms.
  • Clarify security policies. Twitter should improve disclosure of its policies for addressing data breaches and regarding encryption of internet traffic.

Services evaluated:

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Zak Rogoff, Veszna Wessenauer

Changes since 2019

  • Twitter disclosed for the first time that its board of directors exercises formal oversight over how company practices affect privacy, and made it clear that it trains staff on privacy issues.
  • Twitter clarified its process for responding to non-judicial government demands for content or account restrictions.
  • Twitter lost credit on security indicators because some of its encryption policies are outdated.
+ 0.27 points

Gained 0.27 points on comparable indicators since the 2019 RDR Index.

Governance47%
Freedom of expression60%
Privacy51%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 47%

Despite earning the top overall score in the RDR Index, Twitter fell short on governance and oversight of human rights issues in key areas.

  • Commitment to human rights: Twitter pledged to respect users’ freedom of expression and privacy rights. However, it did not publish an explicit commitment to respect human rights in developing and using algorithms (G1).
  • Human rights due diligence: The company was notably weak on human rights due diligence. Twitter revealed limited information about its human rights risk assessments of government regulations when launching new products or entering new markets (G4a). It gave no evidence of conducting human rights impact assessments related to its own policy enforcement, or on its development and use of algorithmic systems, or on its targeted advertising policies and practices (G4b-d).
  • Stakeholder engagement: Twitter is not a member of the Global Network Initiative or any other independent, multistakeholder organization (G5). But the company does engage with civil society on freedom of expression and privacy issues, including through its Trust and Safety Council.
  • Remedy: Twitter’s complaints mechanisms were stronger than those of Google and Facebook, but it was not clear how users could submit grievances related to privacy (G6a).Twitter let users appeal some types of content moderation decisions but did not explain exactly which types of moderation decisions are subject to appeal. It did not describe its process for reviewing appeals, or the role of automation in reviewing appeals (G6b).

Freedom of expression 60%

Twitter earned the highest score in this category, outscoring Facebook by 25 points.

  • Content moderation: Twitter’s content rules were easy to find and understand (F1a), but lacked clarity about how these rules are enforced (F3a). It reported more data on the content removed and accounts suspended for rules violations than its peers (F4a, F4b).
  • Algorithmic use and content curation: Twitter published a page explaining the company’s flagship timeline feature and a blog post on how Timeline employs algorithms, but these pages were not easy to find (F1d). These policies did not reveal much information about the variables used to curate Timeline content, but Twitter did give users the opportunity to deactivate algorithmic content curation altogether (F12). Twitter published more information about its bot policies than any other platform (F13).
  • Advertising content and targeting: Twitter’s ad content policies and targeting rules were hard to find and scattered across multiple documents, but were easy to understand (F1b, F1c). Twitter did a better job than most companies of explaining what types of advertising content and targeting are prohibited, how advertising is labelled, and how violations of these rules are identified (F3b, F3c). However, it failed to disclose data about ads removed or accounts suspended for violating ad content or targeting rules (F4c).
  • Censorship demands: Twitter had strong transparency around censorship demands that come directly from governments (F5a, F6) and disclosed more data than its peers about private content and account takedown requests (F7).

Privacy 51%

Twitter trailed Apple for second place in the privacy category, together with Verizon Media and Microsoft.

  • Handling of user information: Twitter published clear policies on what types of user information it collects and how (P3a), but it was less clear about what user information it infers (P3b). Twitter also did not publish any policies detailing how this user information is used to train and develop algorithms (P1b) or whether it provides users with options to control how their user information is used for the development of algorithmic systems (P7).
  • Government and private demands for user information: Twitter’s Guidelines for Law Enforcement were clear about how the company responds to government demands for user data (P10a) but did not describe how it responds to private requests (P10b). Like other U.S. companies, it did not divulge the exact number of requests received for user data under the Foreign Intelligence Surveillance Act or National Security Letters, or the actions it took in response to these requests, since it is prohibited by law from doing so.
  • Security: Twitter provided little information about its security policies, falling behind Apple, Microsoft, Baidu, Kakao, Verizon Media, and Yandex. Twitter also fell short in explaining internal protocols for keeping user data secure: its Code of Conduct indicated that it has security protocols in place limiting unauthorized employee access to user information, but it was not clear whether it also monitors these protocols (P13). It failed to disclose any information about how it responds to data breaches (P15). Twitter’s security score declined in 2020 because it did not make it clear whether it still uses forward secrecy, an important element of encryption (P16).