#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 16°C Tuesday 3 August 2021

Data Protection Commission fines Twitter €450,000 over GDPR breach

It’s the first time a big tech company has been penalised under GDPR rules.

Image: Shutterstock/Nopparat Khokthong

THE DATA PROTECTION Commission (DPC) has issued Twitter with a fine of €450,000 for its handling of a data breach under the General Data Protection Regulation (GDPR). 

The DPC opened an investigation into Twitter in January 2019 after the company publicly disclosed that it had inadvertently made some users’ private tweets public.

The regulator found that the social media company failed to promptly declare and properly document the breach.

It’s the first such cross-border GDPR  decision by the commission, which serves as the lead European Union privacy supervisor for a number of tech giants.

The watchdog described the fine as “an effective, proportionate and dissuasive measure”.

The regulation requires most breaches of personal data to be notified to the relevant supervisory authority within 72 hours of the controller becoming aware of the breach.

It also stipulates that they document what data was involved and how they’ve responded to the security incident. Twitter was found to have failed on both counts in this case.

GDPR allows for fines of up to €30 million or 4% of global turnover, whichever is higher, to be imposed on companies that breach the regulation.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

Twitter said an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day resulted in it notifying the commission outside of the 72 hour period.

“We have made changes so that all incidents following this have been reported to the DPC in a timely fashion,” it said.

We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.

About the author:

Ceimin Burke

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel