Ireland’s Data Protection Commission (DPC) has imposed a fine of 450,000 euros (around $547,000) on Twitter for failure to promptly notify and properly document a data breach under Europe’s General Data Protection Regulation (GDPR).
This is not the first time a US-based technology firm has been fined in a cross-border case under Europe’s data privacy law that came into effect on May 25, 2018.
GDPR’s official website in 2019 said Ireland is investigating tech companies such as Facebook and Apple for alleged GDPR violations. A new annual report from the Ireland Data Protection Commission offers lessons for small businesses as well.
In February 2020 GDPR said its regulators have issued hundreds of fines to companies, including Google and Facebook, more than €114 million in the first 20 months of GDPR.
Today’s media report said DPC’s investigation into Twitter commenced in January, 2019 following the receipt of a breach notification from the social media company.
DPC found that Twitter infringed provisions of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach, TechCrunch reported.
Under Europe data protection law, organizations need to report breaches of personal data to the relevant supervisory authority within 72 hours of the controller becoming aware of the breach.
It is also important for them to properly document the data involved in the breach so that the data supervisor can check for compliance.
The Irish watchdog has a backlog of over 20 ongoing cases at this point, including active probes of Facebook, WhatsApp, Google, Apple and LinkedIn, among others.