X (formerly Twitter) Configuration
How to embed X (formerly Twitter) on your website and properly map these configurations within the customer panel to ensure users are clearly informed about the use of this Third Party Provider (TPP). The tables below outline how embedding X (formerly Twitter) on your website affects the privacy risks for users.
High Privacy Risk: Twitter/X embeds create direct connections to X Corp servers, enabling comprehensive tracking across the platform ecosystem.
Consent Requirement: Always obtain explicit opt-in consent before loading X content through blocking the iframe and collecting contextual consent.
Joint Controller Considerations: Depending on implementation, you may have joint controller responsibilities with X Corp.
Privacy relevant configurations (Parameters)
This table shows features which are enabled or disabled within X (formerly Twitter). Use this overview to ensure your X setup and Consenter Manager settings stay consistent.
Each row represents a feature that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the feature, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Parameters | ➡️ X Config High risk (Consent) | ➡️ Consenter Manager Config What to indicate in Consenter Manager when embedding X on your website |
|---|---|---|
| Consent | Yes (Opt-In) - Required before loading X embed | Select X as data recipient |
| Data processing agreement | No (Controllership) - X Corp acts as independent controller | Select: Independent Controller as legal role of data recipient |
| Tracking method | Cross session, cross domain, cross device (X Pixel & platform integration) | Select: Cross-session, cross-domain, cross-device tracking |
| Identifier | X account data, X cookies, device fingerprinting | Select respective data categories: - Direct identifiers (if logged into X) - Device identifiers - Probabilistic identifiers |
| Retention Period | 18+ months (X's standard retention) | Indicate maximum storage duration: 18+ months |
| Processing location | US/Global (X Corp servers worldwide) | ❗Attention: Always indicate USA as primary data processing location. X Corp is a US-based company subject to US legislation including CLOUD Act and FISA. |
| Advertising Features | Enabled - Data used for X advertising network | Select additional marketing purposes: Personalized advertising |
Data categories
This table details the categories of data collected by X (formerly Twitter). Use this overview to ensure your X setup and Consenter Manager settings stay consistent.
Each row represents a data category that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the data category, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Collected Data Categories | ➡️ X Config High risk (Consent) | ➡️ Consenter Manager Config What to indicate in Consenter Manager when embedding X on your website |
|---|---|---|
| IP Address | IP address (plain) | Select respective data category. |
| Technical data - Device characteristics - Browser/OS data | Yes | Select data category: Device characteristics |
| Social media interaction data | Yes - Likes, retweets, replies, quote tweets, follows, viewing behavior | Select data category: - Browsing and interaction data - Social media interaction data |
| Geo-location info | Precise location (if device permissions granted) | Select data category: - Precise location data - Non-precise location data |
| User Authentication Data | Yes - X account information if logged in | Select data category: - Authentication-derived identifiers - Users' profiles - User provided data |
| Device identifiers | Yes - Multiple identifiers (cookies, device IDs, fingerprints) | Select data category: Device identifiers |
| Probabilistic identifiers | Yes - Device fingerprinting, browser fingerprints | Select data category: Probabilistic identifiers |
| Tweet content analysis | Yes - Analysis of embedded tweet content and user interaction patterns | Select data category: - Browsing and interaction data - Social media interaction data |
| Special categories of personal data | Potentially - Depending on X content shown (e.g., political opinions, health information visible in posts) | Assess content risk and select if applicable |
| Privacy choices | Yes - X privacy settings, ad preferences, personalization settings | Select data category: Privacy choices |
For technical integration guides (code implementation), see X Integration Guide →
Last updated on