[ad_1]
The Data Protection Commission (DPC) has sanctioned Twitter with a € 450,000 fine for its handling of a data breach under the General Data Protection Regulation (GDPR).
The DPC opened an investigation into Twitter in January 2019 after the company publicly revealed that it had inadvertently made the private tweets of some users public.
The regulator found that the social media company did not promptly disclose or properly document the violation.
It is the first cross-border GDPR decision of its kind by the commission, which acts as the European Union’s chief privacy supervisor for several tech giants.
The watchdog described the fine as “an effective, proportionate and dissuasive measure”.
The regulation requires that most personal data breaches be reported to the relevant supervisory authority within 72 hours after the controller becomes aware of the breach.
It also stipulates that they document what data was involved and how they responded to the security incident. Twitter was found to fail on both counts in this case.
The RGPD allows the imposition of fines of up to 30 million euros or 4% of global turnover, whichever is greater, to companies that do not comply with the regulations.
No news is bad news
Support the magazine
your contributions help us continue to deliver the stories that are important to you
Support us now
Twitter said that an unanticipated consequence of the staffing between Christmas Day 2018 and New Year’s Day caused the commission to be notified outside of the 72-hour period.
“We have made changes so that all incidents after this have been reported to the DPC in a timely manner,” he said.
We take responsibility for this error and remain fully committed to protecting our customers’ privacy and data, including through our work to inform the public quickly and transparently about issues that occur.
[ad_2]