Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Nopparat Khokthong

Data Protection Commission fines Twitter €450,000 over GDPR breach

It’s the first time a big tech company has been penalised under GDPR rules.

THE DATA PROTECTION Commission (DPC) has issued Twitter with a fine of €450,000 for its handling of a data breach under the General Data Protection Regulation (GDPR). 

The DPC opened an investigation into Twitter in January 2019 after the company publicly disclosed that it had inadvertently made some users’ private tweets public.

The regulator found that the social media company failed to promptly declare and properly document the breach.

It’s the first such cross-border GDPR  decision by the commission, which serves as the lead European Union privacy supervisor for a number of tech giants.

The watchdog described the fine as “an effective, proportionate and dissuasive measure”.

The regulation requires most breaches of personal data to be notified to the relevant supervisory authority within 72 hours of the controller becoming aware of the breach.

It also stipulates that they document what data was involved and how they’ve responded to the security incident. Twitter was found to have failed on both counts in this case.

GDPR allows for fines of up to €30 million or 4% of global turnover, whichever is higher, to be imposed on companies that breach the regulation.

Twitter said an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day resulted in it notifying the commission outside of the 72 hour period.

“We have made changes so that all incidents following this have been reported to the DPC in a timely fashion,” it said.

We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Céimin Burke
View 5 comments
Close
5 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds