Twitter is fined £410,000 by Ireland's data regulator for a bug that made private tweets public

  • Irish regulator made first use of new GDPR 'One Stop Shop' EU rules 
  • Allow national watchdogs to impose penalties without consulting the bloc
  • EU's GDPR is part of concerted effort to hold big tech companies accountable 
  • Silicon Valley giant Twitter rakes in more than £2.5 billion annually Ireland's data watchdog has fined Twitter £410,000 for a bug that made private tweets public.

    In the first sanction against the Silicon Valley giant under new EU data privacy rules, Ireland's Data Protection Commission handed down a 450,000 euro penalty.

    General Data Protection Regulation's (GDPR) has been in force since 2018 but Dublin is the first to use a new 'One Stop Shop' resolution system which allows a national regulator to impose sanctions without consulting the EU.The EU grants member states the right to levy fines of up to 4 percent of a company's annual revenue - Twitter rakes in more than £2.5 billion - meaning the Irish sanction falls well below the maximum.

    The Twitter logo

    The Twitter logo

    Some European Union regulators objected to Ireland's preliminary Twitter ruling when it was issued in May, triggering a referral to the dispute resolution body, the European Data Protection Board to secure a two-thirds majority among member states.

    The Twitter fine relates to a 2019 probe into a bug in its Android app, where some users' protected tweets were made public.

    In particular it was levied due to Twitter's 'failure to notify the breach on time to the DPC and a failure to adequately document the breach,' the Data Protection Commission said in a statement.

    The Irish regulator, which has more than 20 major inquiries into U.S technology firms open, has the power to impose fines for violations of up to 4% of a company's global revenue or 20 million euros (£18.2 million), whichever is higher.

    Twitter CEO Jack Dorsey appears before US Senators last month over censorship and social media's editorialising of content

    Twitter CEO Jack Dorsey appears before US Senators last month over censorship and social media's editorialising of content

    What is GDPR? 

    The General Data Protection Regulation is an EU-wide law that cam into force on May 25, 2018.

    It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

    For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

    It also grants users a right to easily access the data collected from them and transparency on how it is being used.

    Everyday users have to do very little to comply with GDPR – it's more targeted at big online businesses.

    Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

    This ends territorial-based accountability used by some firms not based in the EU to previously avoid sanction.

    The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

    The weight of fines able to be issued has also increased under GDPR.

    Regulators will be able to issue penalties equivalent of up to four per cent of annual global turnover or 20 million euro (£18.2 million) – whichever is greater.

    For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.


No comments:

Powered by Blogger.