The General Data Protection Regulation (GDPR) was rolled out across the EU back in 2018 and since then, we haven’t seen many major fines in the tech or social media space. That changed today, with Ireland’s Data Protection Commission officially fining Twitter €450,000 over a data breach.
The data breach was disclosed by Twitter back in January 2019. The breach exposed private tweets for Android users over the course of four years. Due to this, the Data Protection Commission is ruling that Twitter violated the EU’s GDPR rules, as disclosure of the security breach did not come within 72 hours of it first being discovered.
Ireland’s DPC initially revealed its decision earlier this year, but objections were raised by other regulators. The case then went through a dispute resolution process, which delayed the fine being issued until now.
As pointed out by The Verge, during the dispute resolution process, the DPC was told to increase the amount it was fining Twitter. Initially, the DPC wanted to fine Twitter less than €450,000, but this fell so short of GDPR’s maximum 2 percent annual revenue fine amount that an increase was deemed necessary.
Twitter has since issued a statement saying that staffing between Christmas Day 2018 and New Year’s Day 2019 led to a delay in disclosing the breach. The statement goes on to say “We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers”. So with that in mind, it doesn’t sound like Twitter plans on fighting this at all and will just pay the fine.
KitGuru Says: As one of the social media giants, this won’t impact Twitter’s bottom line all that much. Still, it is interesting to see the first instance of a major tech company tripping over when it comes to GDPR rules in the EU. Hopefully this serves as a warning to companies to continue protecting user data and to warn users properly in the instance of a breach.