Ireland’s Data Protection Commission (DPC) has fined Twitter €450,000 over a data breach it disclosed back in January 2019. The security flaw exposed some supposedly private tweets from the service’s Android users for over four years. Twitter was found to have violated the EU’s General Data Protection Regulation (GDPR) because it failed to notify the regulator within 72 hours of discovering the breach.
The fine is notable because it’s the first time a US tech giant has been hit with a GDPR fine in a cross-border case, meaning one in which the Irish regulator consulted its EU counterparts as part of the decision. The investigation was headed by Ireland’s DPC because Ireland is where Twitter’s international headquarters are based. This cross-border process is part of the reason why it’s taken so long to issue this fine.
The amount of the GDPR fine is not particularly noteworthy when set against Twitter’s annual revenue of nearly $3.5 billion. However, the breach was also a relatively minor issue, in that it did not disclose any personal information that the data subject had not voluntarily put into a protected tweet.
The Irish DPC issued the following statement on the fine: “The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure.”
Twitter tweeted following the DPC’s announcement that it took full responsibility for its mistake and remains committed to protecting the data of its customers, adding: “We appreciate the clarity this decision brings for companies and the public around the GDPR’s breach notification requirements. As always, our approach to these incidents will remain one of committed transparency and openness.”
Source: www.riskcompliance.biz