6 years, 10 months ago

Are Direct Messages really private, or not?

Social media have penetrated our lives. We share ideas, experiences, thought, complaints, and compliments with everybody. At the same time we see quite some controversy concerning the  privacy policies of companies such as Facebook and Twitter. Some people even think that European privacy regulation does not apply to them, as they are US-based companies. 

In our research project “New Models for the Social Enterprise” privacy regulation was one of the topics we tackled. The good news is that we as consumers outside the US are still governed by EU regulation and national policies. If a Dutch company, for example, uses data from Twitter to analyze what is mentioned concerning their brand, the mood etc., Dutch laws apply (the Wet Bescherming Persoonsgegevens). The data collecteda and analysed  by social media mining companies, such as Coosto, falls under the jurisdiction of country they work. If a company uses or stores Tweets, Facebook messages etc., they are data processors themselves. This does not hold for the use or storage of aggregated data that cannot be linked to individual users (which is not the same as anonymised data; data hardly ever is anonymous if collected in larger quantities…).

Mail exchange between companies and customers, or mail in general, is private. This brought the question to my mind whether or not direct messages in, for example, Twitter, are really private or not? In the example data we had from Twitter, direct messages did not appear, but this could be coincidental. The privacy rules of Twitter  do not mention direct messages.

In order to get clarification, we simply asked Twitter (privacy@twitter.com), on April 24th:

Dear sir, madam, 

I have been a frequent and enthusiastic user of Twitter, and will be so in the years to come, I expect. However, I do have a question concerning privacy. Everything I tweet is open to the public, and tweets are brought together and sold for business purposes to companies etc. So much is clear.

Direct messages, however, give the feeling of being private, similar to e-mail messages. From your privacy statement I cannot derive whether of not DMs are treated differently than normal tweets. I.e., are they also analyzed, aggregated and/or sold to third parties? 

 Kind regards,


It took a while and some friendly reminders, but in the end, I received an answer:


Encouraging, to say the least. Everything in a DM remains within Twitter and is not shared or sold. Maybe the answer above is not a legally correct answer, but still, it is clear. The use of DM’s is common in webcare, but should be used wisely. It is more effective to make sure the mail addresses of customers are known and correct and to use mail for information that is personal or private. Mail is an effective means for communication, easy to store and archive, and legally binding. Social media have a role in a swift and informal discussion. Use it wisely in a business relation.

Wil Janssen is managing director of InnoValor and guest author for our blog. InnoValor and BiZZdesign are research partners in the ‘New Models for the Social Enterprise’ project.