The changes, which will take effect on Jan. 1, 2020, will comply with the California Consumer Privacy Act (CCPA).





The California law requires large businesses to give consumers more transparency and control over their personal information, such as allowing them to request that their data be deleted and to opt out of having their data sold to third parties.





Social media companies including Facebook Inc and Alphabet Inc’s Google have come under scrutiny on data privacy issues, fueled by Facebook’s Cambridge Analytica scandal in which personal data were harvested from millions of users without their consent.





Twitter also announced on Monday that it is moving the accounts of users outside of the United States and European Union which were previously contracted by Twitter International Company in Dublin, Ireland, to the San Francisco-based Twitter Inc.





The company said this move would allow it the flexibility to test different settings and controls with these users, such as additional opt-in or opt-out privacy preferences, that would likely be restricted by the General Data Protection Regulation (GDPR), Europe’s landmark digital privacy law.





“We want to be able to experiment without immediately running afoul of the GDPR provisions,” Twitter’s data protection officer Damien Kieran told Reuters in a phone interview.





“The goal is to learn from those experiments and then to provide those same experiences to people all around the world,” he said.





The company, which said it has upped its communications about data and security-related disclosures over the last two years, emphasized in a Monday blog post that it was working to upgrade systems and build privacy into new products.





In October, Twitter announced it had found that phone numbers and email addresses used for two-factor authentication may inadvertently have been used for advertising purposes.