What you need to know
- Twitter has been fined 450,000 euros ($547,000) for violating EU data protection rules.
- The penalty has been levied due to Twitter's inability to report a breach within 72 hours, as required by EU data protection rules.
- This is the first time that a U.S. company has been fined under the new EU data privacy law.
Twitter has been fined €450,000 ($547,000) by Ireland's Data Protection Commission (DPC) for its failure to report a data breach on time under EU data protection rules (via Reuters). The Irish watchdog said in a statement that the penalty was levied as "an effective, proportionate and dissuasive measure."
Europe's General Data Protection Regulation (GDPR) requires companies to report breaches of personal data to the relevant authority within 72 hours. The penalty relates to a breach that was disclosed by Twitter in January 2019, more than two months after it became aware of a bug in its Android app that caused some users' protected tweets to be made public.
In a statement posted on its website, Twitter said:
We take full responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.
The company added that the delay in reporting the breach was an "unanticipated consequence of staffing between Christmas Day 2018 and New Years' Day" and that is has made the required changes to ensure any similar incident in the future can be reported in a timely fashion.
The Irish watchdog currently has over 20 major inquiries into U.S. tech companies and has the power to issues fines of up to 4% of a company's global revenue.
