Twitter was fined 450,000 euros ($547,000) by its chief European Union data protection watchdog for failing to properly document and give a timely warning about a breach that threatened the privacy of Android phone users across the bloc.
This is the first such cross-border General Data Protection Regulation (GDPR) decision against a U.S. tech company by the Irish watchdog, which is the lead EU privacy supervisor for a number of tech giants. It has a backlog of some 20+ ongoing cases at this point, including active probes of Facebook, WhatsApp, Google, Apple and LinkedIn, to name a few.
Under GDPR, regulators can levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. To date, the biggest fine under the EU’s data protection rules was a 50 million-euro penalty for Google issued by France’s watchdog CNIL.
“We’re sorry it happened,” Damien Kieran, Twitter’s chief privacy officer and global data protection officer, said in a statement.
The regulator writes in a press release, “The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure.”