Twitter is fined £410,000 by Ireland’s data regulator for a bug that made private tweets public

  • Irish regulator made first use of new GDPR ‘One Stop Shop’ EU rules 
  • Allow national watchdogs to impose penalties without consulting the bloc
  • EU’s GDPR is part of concerted effort to hold big tech companies accountable 
  • Silicon Valley giant Twitter rakes in more than £2.5 billion annually 

Ireland’s data watchdog has fined Twitter £410,000 for a bug that made private tweets public.

A 2019 probe found a glitch had affected Android users of Twitter’s app by making their protected tweets appear publicly.  

In particular the fine was levied due to Twitter’s ‘failure to notify the breach on time to the DPC and a failure to adequately document the breach,’ Ireland’s Data Protection Commission said in a statement.

In the first sanction against the Silicon Valley giant under new EU data privacy rules, the Irish watchdog handed down a 450,000 euro penalty on Tuesday.

The EU grants member states the right to levy fines of up to 4 percent of a company’s annual revenue – Twitter rakes in more than £2.5 billion – meaning the Irish sanction falls well below the maximum.

The General Data Protection Regulation (GDPR) has been in force since 2018, but Dublin is the first to use a new ‘One Stop Shop’ resolution system which allows a national regulator to impose sanctions without consulting the EU.

Some European Union regulators objected to Ireland’s preliminary Twitter ruling when it was issued in May, triggering a referral to the dispute resolution body, the European Data Protection Board, to secure a two-thirds majority among member states.

The Irish regulator, which has more than 20 major inquiries into U.S. technology firms open, has the power to impose fines for violations of up to 4% of a company’s global revenue or 20 million euros (£18.2 million), whichever is higher.

The penalty against Twitter is seen by some as a significant warning shot, as many international tech companies are headquartered in Ireland for tax purposes.

Twitter CEO Jack Dorsey appears before US Senators last month over censorship and social media's editorialising of content

What is GDPR? 

The General Data Protection Regulation is an EU-wide law that came into force on May 25, 2018.

It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

It also grants users a right to easily access the data collected from them and transparency on how it is being used.

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

This ends the territorial-based accountability previously used by some firms not based in the EU to avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

The weight of fines able to be issued has also increased under GDPR.

Regulators will be able to issue penalties equivalent to up to four per cent of annual global turnover or 20 million euro (£18.2 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.