Twitter became the first U.S.-based company to receive a fine for violating the European Union’s data privacy laws.
Ireland’s Data Protection Commission announced the fine, which exceeds half a million dollars, issued to Twitter for failing to notify users adequately and properly of a data breach that was disclosed in January 2019, according to the Wall Street Journal.
“The DPC’s investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure,” the regulator wrote in a press release, according to Tech Crunch.
The EU’s General Data Protection Regulation requires companies that experience a breach of personal data to notify relevant authorities within 72 hours and provide documentation cataloging what data was compromised and how the company responded to it. In both areas, Twitter was found to have failed.
“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” Twitter’s chief privacy officer Damien Kieran said, adding that the delayed notification to users was an “unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day.”
The decision to fine Twitter took Ireland’s data commission nearly two years.
This was the commission’s, which is the lead enforcement agency of the EU’s GDPR, first case in a string of them against U.S.-based companies. Some of those additional cases are against platforms such as Facebook, Apple, and Google.
