#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 7°C Sunday 29 May 2022

Data Protection Commission completes probe into Twitter's handling of data breach

Fines for breaches of GDPR can reach €20 million or up to 4% of a company’s turnover for the previous year.

File photo. Inside Twitter's HQ in Dublin.
File photo. Inside Twitter's HQ in Dublin.
Image: Sam Boal/Rollingnews.ie

THE DATA PROTECTION Commission (DPC) has said it has completed its investigation into whether Twitter has broken rules under the landmark General Data Protection Regulation (GDPR).

It is the first of the organisation’s probes into big tech firms to be completed.

It centres on a data breach that Twitter reported to the DPC back in November 2018. The DPC looked at whether the social media giant handled the breach correctly, how prompt it was reported it to the authorities, and record keeping around the breach. 

In a statement this evening, the DPC also confirmed it had levied another fine against Tusla in relation to an investigation around sensitive data being posted on social media. Last week, the Sunday Times reported Tusla had become the first organisation in Ireland to be fined over a GDPR breach. 

The conclusion of the investigation into Twitter – the findings of which remains confidential at this time – could see the first major fine handed out by the DPC to one of the big social media firms.

The punishment for companies in breach of GDPR is a maximum fine of €20 million or up to 4% of their turnover for the previous year, whichever is higher.

The DPC said this development was among a number related to big tech firms this week.

Deputy commissioner Graham Doyle said: “In addition to submitting this draft decision to other EU supervisory authorities, we have this week sent a preliminary draft decision to WhatsApp Ireland Limited for their submissions which will be taken in to account by the DPC before preparing a draft decision in that matter also for Article 60 purposes.

The inquiry into WhatsApp Ireland examines its compliance with Articles 12 to 14 of the GDPR in terms of transparency including in relation to transparency around what information is shared with Facebook.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

It has also progressed to the “decision phase” into a separate probe initiated on foot of a complaint which focuses on Facebook Ireland’s obligations to establish a lawful basis for personal data process.

The DPC added it has also furnished drafts of reports on separate investigations into Instagram and WhatsApp. 

About the author:

Sean Murray

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel