Ireland’s data regulator has fined Twitter 450,000 euros (approximately $547,000) to get a bug that made some personal tweets general public, the very first sanction from a major US tech company under a new EU dispute mechanism, but much less than some EU states demanded.
The European Union’s General Data Protection Regulation’s (GDPR) “One Stop Shop” program makes Ireland’s Data Protection Commission (DPC) lead writer of Twitter, Facebook, Apple and Google from the bloc, due to the location of their EU headquarters in the Nation.
GDPR was in force since 2018, but the Twitter situation is the first with a new dispute settlement system under which one lead national regulator makes a choice before consulting with the other EU national regulators.
The DPC, that has more than 20 major questions into US technology companies open, can impose penalties for violations of up to 4% of a provider’s global revenue or 20 million euros, whichever is greater.
It had the ability to fine Twitter $60 million over a bug in its Android app found in early 2019, in which a few users’ protected tweets were made public. The penalty was capped at 2% of annual turnover as it was deemed a less severe infringement.
In its final ruling on Tuesday, the Irish DPC said it had originally sought to impose a fine of $150,000-$300,000.
It said the punishment was a “proportionate and dissuasive step” over Twitter’s failure to both notify the breach on time and adequately document it.
Twitter said in a statement the delay in reporting the incident was an “abrupt result of staffing between Christmas Day 2018 and New Years’ Day” and that it had made changes so that future incidents would be reported in a timely manner.
“We take full responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” the announcement, published on Twitter, stated.
Twitter is the subject of at least two other queries by the Irish ruler.
“Notwithstanding the inevitable criticism that it is not ‘enough’, this is still the first shot across the bows in Ireland for one of the big tech players,” said Rafi Azim-Khan, Head of Data Privacy in Pillsbury Law.
The team at Platform Executive hope you have enjoyed this news article. Initial reporting via our official content partners at Thomson Reuters. Reporting by Jonathan Landay. Editing by Steve Orlofsky.
Stay on top of the latest developments across the platform economy and gain access to our problem-solving tools, proprietary databases and content sets by becoming a member of our community. For a limited time, premium subscription plans start from just $7 per month.