Twitter slapped with fine for breaking EU’s data privacy law
Twitter Inc. was fined 450,000 euros ($547,000) by its chief European Union data protection watchdog for failing to give a timely warning about a breach that threatened the privacy of Android phone users across the bloc.
Twitter violated EU data protection rules by failing to report a breach within the required 72 hours, Ireland’s Data Protection Commission said Tuesday in a statement. Twitter was also fined over its “failure to adequately document the breach.”
The administrative fine was levied as “an effective, proportionate and dissuasive measure,” the Irish watchdog said.
The US social-media giant last year warned the Irish authority of a potentially disabled privacy setting that put some devices running on Google’s Android mobile operating system at risk. The Irish authority’s investigation started in January 2019. Because it potentially affected users throughout the EU, the regulator had to send the draft findings of its probe to other authorities, dragging out a process that critics complained took far too long.
Cases at the Irish data-protection regulator have been piling up since the bloc’s tough General Data Protection Regulation took effect in May 2018. The slow pace has attracted criticism from privacy advocates and other EU regulators, which have no power to decide on cases concerning wider European violations by companies with an Irish EU base.
GDPR allows regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. The biggest fine to date under the EU’s data protection rules was a 50 million-euro penalty for Google issued by France’s watchdog CNIL.
Helen Dixon, Ireland’s privacy commissioner, has opened at least 20 probes into big tech firms since the EU’s new privacy rules took effect, including cases involving Apple Inc., Facebook Inc. and Microsoft Corp.’s LinkedIn.