Ireland’s Data Regulator Fines Twitter Under EU Data Privacy Laws

Ireland’s data regulator, on Tuesday, 15 December, has fined Twitter with 450,000 euros ($547,000), for a security breach that the company reported in January 2019. The punishment has been a first for a US tech company since the EU’s strict General Data Protection Regulation (GDPR) took effect in 2018, reported Associate Press.

“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” said the social networking giant, according to Associate Press.

The breach happened because of a bug that made some private tweets public. The regulator said the punishment was of a “proportionate and dissuasive measure” over Twitter’s failure to both notify the breach on time and adequately document it, reported Reuters.

Twitter defended the delay, saying it happened because of an “unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day”, and they’ve made changes to not repeat this incident in the future, reported Reuters.

Under the GDPR, Ireland becomes the DPC regulator for Twitter, Facebook, Apple and Google, as part of the “one-stop shop” system, due to their location of EU headquarters in the country, reported Associate Press.

However, Ireland has faced criticism for taking too long to decide on cases, and this particular decision was delayed after other EU member states objected to the draft penalty amount.

“Notwithstanding the inevitable criticism that it is not ‘enough’, this is still the first shot across the bows in Ireland for one of the big tech players,” said Rafi Azim-Khan, Head of Data Privacy at Pillsbury Law, as quoted by Reuters.

(With inputs from Reuters and Associate Press)