Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

File photo. Inside Twitter's HQ in Dublin. Sam Boal/Rollingnews.ie
GDPR

Data Protection Commission completes probe into Twitter's handling of data breach

Fines for breaches of GDPR can reach €20 million or up to 4% of a company’s turnover for the previous year.

THE DATA PROTECTION Commission (DPC) has said it has completed its investigation into whether Twitter has broken rules under the landmark General Data Protection Regulation (GDPR).

It is the first of the organisation’s probes into big tech firms to be completed.

It centres on a data breach that Twitter reported to the DPC back in November 2018. The DPC looked at whether the social media giant handled the breach correctly, how prompt it was reported it to the authorities, and record keeping around the breach. 

In a statement this evening, the DPC also confirmed it had levied another fine against Tusla in relation to an investigation around sensitive data being posted on social media. Last week, the Sunday Times reported Tusla had become the first organisation in Ireland to be fined over a GDPR breach. 

The conclusion of the investigation into Twitter – the findings of which remains confidential at this time – could see the first major fine handed out by the DPC to one of the big social media firms.

The punishment for companies in breach of GDPR is a maximum fine of €20 million or up to 4% of their turnover for the previous year, whichever is higher.

The DPC said this development was among a number related to big tech firms this week.

Deputy commissioner Graham Doyle said: “In addition to submitting this draft decision to other EU supervisory authorities, we have this week sent a preliminary draft decision to WhatsApp Ireland Limited for their submissions which will be taken in to account by the DPC before preparing a draft decision in that matter also for Article 60 purposes.

The inquiry into WhatsApp Ireland examines its compliance with Articles 12 to 14 of the GDPR in terms of transparency including in relation to transparency around what information is shared with Facebook.

It has also progressed to the “decision phase” into a separate probe initiated on foot of a complaint which focuses on Facebook Ireland’s obligations to establish a lawful basis for personal data process.

The DPC added it has also furnished drafts of reports on separate investigations into Instagram and WhatsApp. 

Your Voice
Readers Comments
4
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel