[ad_1]
The Irish Data Protection Commissioner has announced a fine of 450,000 euros on Twitter for data breaches under the GDPR.
It is the first fine to a multinational technology company by the Irish regulator since the GDPR was introduced.
The amount of the fine was disputed among European regulators, and other countries were unhappy with the scale of the penalty. Germany wanted to impose a fine of between € 7 million and € 22 million on Twitter, which reported annual revenue of $ 3.46 billion (€ 2.7 billion) in 2019. Under GDPR rules, European data regulators can fine companies up to 4% of your annual turnover.
However, the Irish office says the € 450,000 is an “effective, proportionate and deterrent measure”.
The DPC investigation began in January 2019 after Twitter itself notified the office of a breach, meaning some private tweets were publicly available. This was due to a bug that affected Twitter users who wanted to use its ‘Protect my tweets’ feature. The bug meant that the feature didn’t work for some Android phone users. Twitter admits that because of this, some users may have unknowingly posted their tweets publicly since 2014.
The Irish regulator appears to have viewed the infringement itself as not particularly serious, instead highlighting Twitter’s lack of rush to notify the Irish DPC about it. Twitter had 72 hours to notify the Irish regulator, but failed to do so.
“The DPC has found that Twitter violated Article 33 (1) and 33 (5) of the GDPR in terms of not reporting the violation in time to the CPS and not properly documenting the violation,” the regulator’s office said.
“The DPC has imposed an administrative fine of € 450,000 on Twitter as an effective, proportionate and dissuasive measure.”
The fine, like all GDPR fines imposed by the Irish regulator, goes to the Irish state.
Twitter says the reporting error is due to staff confusion.
“An unforeseen consequence of staffing between Christmas Day 2018 and New Year’s Day prompted Twitter to notify [the Irish Data Protection Commissioner] outside the 72-hour legal notification period. We have made changes so that all incidents after this have been reported to you in a timely manner, “said a spokesperson for the technology company.” We take full responsibility for this error and are fully committed to protecting our customers’ privacy and data. , including through our work to inform the public quickly and transparently about problems that occur. We’re sorry it happened. “
The fine comes a week after Facebook said it had set aside € 302 million for potential regulatory fines in Europe, stemming primarily from investigations by Helen Dixon’s office.
Irish Commissioner Helen Dixon is the main supervisory authority for Twitter in the EU. His office distributed a draft decision to other European data protection authorities in May, but some countries were not happy with it. The matter was referred as a “dispute resolution procedure” to the European Data Protection Board. On November 10, that body said it had made its own determination and that the Irish DPC had one month to finalize and announce the decision.
The move comes ahead of the DPC’s legal showdown against Facebook in High Court this week. In August, the social media giant launched a judicial review process against the regulator. Facebook hopes to overturn both an investigation and a preliminary decision by Helen Dixon’s office on the issue of personal transfers from the EU to the US The preliminary decision would put an end to Facebook’s transfers of the personal data of millions of users. from the EU to the US
Online editors
[ad_2]