Twitter had looked set to become the first big platform business to face a fine by Ireland’s Data Protection Commission under tough new EU data protection rules after it submitted the decision to other member states in May.
Under the EU’s General Data Protection Regulation’s (GDPR) “One Stop Shop” regime introduced in 2018, regulators may impose fines for violations of up to 4 percent of a company’s global revenue or 20 million euros (approximately $22 million), whichever is greater.
However, it must discuss its preliminary conclusion with all worried EU supervisory authorities (CSAs) and consider their views in its final decision.
“A number of objections were raised by CSAs and the DPC engaged in a consultation process with them,” Graham Doyle, Deputy Commissioner in the Irish DPC, said in a statement.
As a number of objections were maintained, the DPC has referred the matter to the European Data Protection Board (EDPB), he added.
The EDPB currently has one month to reach a two-thirds bulk among member states and if this fails, a further month to look for an absolute majority. If it can’t find agreement, the chair of the board will cast the deciding vote.
The Twitter ruling relates to a bug in its Android program where some users’ protected tweets were made public, and whether it informed the regulator in a timely way. The DPC had 20 additional probes open into big technology firms at the end of 2019.
The team at Platform Executive hope you have enjoyed this news article. Initial reporting via our content partners at Thomson Reuters. Reporting by Padraic Halpin. Editing by Kirsten Donovan.
To stay on top of the latest developments across the platform economy and gain access to our problem-solving tools and content sets, you can become a member for just $7 per month.