Twitter fined €450,000 under EU data privacy rules in world first
Social networking site Twitter has been fined €450,000 ($547,000) under the EU’s GDPR law in a world first, for failing to provide a timely report about a data breach that made some private tweets public.
Ireland’s Data Protection Commission (DPC) slapped Twitter with the fine for infringing the European General Data Protection Regulation (GDPR) by failing to swiftly inform users about a data breach and to ensure that it was documented.
The 2019 incident saw private tweets posted by individuals who used Twitter’s Android app exposed, due to a security flaw, when they made changes to their accounts, such as updating their email addresses.
In a statement, the Irish data watchdog said it had “found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach”.
This is the first time such a fine has been levelled against a US tech company under the EU privacy law. However, there are currently more than 20 ongoing investigations into other companies, including Apple, Facebook, Google, LinkedIn, and WhatsApp. Twitter is also currently the subject of two further probes by the Irish DPC.
GDPR requires companies to report data breaches to the relevant authority within 72 hours of becoming aware of the incident, to contact individuals who might have been affected by the situation, and to keep a record of it.
Responding to the DPC decision, Twitter Chief Privacy Officer Damian Kieran said, “We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.”
Ireland’s DPC had initially looked at ordering Twitter to pay a fine of €150,000 to €300,000, but decided to increase the punishment following arguments from Austrian, German, and Italian authorities that the original figure was not significant enough.
Depending on the severity of the violation, regulators are entitled to levy a fine of up to four percent of the company’s global revenue, or $22 million.