Social media company Twitter has admitted that an internal bug in its ad targeting system means that the site shared user data with advertising partners without consent.

TechCrunch reports that following Twitter’s disclosure in May of a bug that under certain conditions shared an account’s location data with a Twitter ad partner during real-time bidding auctions, the company has revealed that yet again user data has been accidentally shared with advertisers without users permission.

The company revealed in a blog post in its Help Center that it “recently” found a number of “issues” with users’ ad settings choices that “may not have worked as intended.” The company claims that the issues were fixed on August 5 but does not specify when it was made aware of the error which caused user data to be processed without consent.

The first bug related to the tracking of user’s interactions with advertisements on the platform. Twitter claims that if a user interacted with an ad for a mobile application or on the mobile app, Twitter “may have shared certain data (e.g., country code; if you engaged with the ad and when; information about the ad, etc)” with advertising partners.

It appears that this bug may have been active since May of 2018 when the European privacy framework, GDPR, came into effect meaning that the date that Twitter became aware of the bug could be very important for the firm. If the social media site failed to make users aware of the issue in a timely manner, it could face serious fines from European regulators.

Twitter further admits that since September 2018 it has been serving targeted ads to users that specifically stated that they didn’t want their web browsing habits tracked. Twitter explained this issue stating: “As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so.” The company adds: “The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.” The key issue, however, is that users did not consent to their information being tracked.

Twitter further states in its blog post:

We know you will want to know if you were personally affected, and how many people in total were involved. We are still conducting our investigation to determine who may have been impacted and If we discover more information that is useful we will share it. What is there for you to do? Aside from checking your settings, we don’t believe there is anything for you to do. You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again. If you have any questions, you may contact Twitter’s Office of Data Protection through this form.

Breitbart News will continue to follow Twitter’s treatment of user data.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or email him at lnolan@breitbart.com