Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Dublin: 17°C Monday 15 August 2022

Data Protection Commission fines Twitter €450,000 over GDPR breach

It’s the first time a big tech company has been penalised under GDPR rules.

Image: Shutterstock/Nopparat Khokthong

THE DATA PROTECTION Commission (DPC) has issued Twitter with a fine of €450,000 for its handling of a data breach under the General Data Protection Regulation (GDPR). 

The DPC opened an investigation into Twitter in January 2019 after the company publicly disclosed that it had inadvertently made some users’ private tweets public.

The regulator found that the social media company failed to promptly declare and properly document the breach.

It’s the first such cross-border GDPR  decision by the commission, which serves as the lead European Union privacy supervisor for a number of tech giants.

The watchdog described the fine as “an effective, proportionate and dissuasive measure”.

The regulation requires most breaches of personal data to be notified to the relevant supervisory authority within 72 hours of the controller becoming aware of the breach.

It also stipulates that they document what data was involved and how they’ve responded to the security incident. Twitter was found to have failed on both counts in this case.

GDPR allows for fines of up to €30 million or 4% of global turnover, whichever is higher, to be imposed on companies that breach the regulation.

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.

Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Twitter said an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day resulted in it notifying the commission outside of the 72 hour period.

“We have made changes so that all incidents following this have been reported to the DPC in a timely fashion,” it said.

We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.

About the author:

Céimin Burke

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel