Ireland’s privacy watchdog on Tuesday hit Twitter with a fine of 450,000 euros ($547,000) over GDPR violations. The fine is the result of a landmark decision by the regulator to penalize the social platform for violating Europe’s strict data protection law, which is likely the first of several that will target tech giants in the coming months and years.
The fine follows a preliminary decision issued in May by Ireland’s Data Protection Commission, which acts as the lead regulator on behalf of the entire EU for tech giants that have their European headquarters in Ireland. In a press release, the DPC described the fine against Twitter as “an effective, proportionate and dissuasive measure.”
Twitter got the punishment in light of the fact that in December 2018 it endured a breach and didn’t report it rapidly enough to the DPC (under the GDPR, organizations are needed to report any breaks to their lead controller inside a 72-hour legal notification period). As per Twitter, the deferral in educating the DPC was “an unforeseen outcome of staffing” between Christmas Day 2018 and New Year’s Day.
In an articulation on Tuesday, Twitter’s Chief Privacy Officer and Global Data Protection Officer Damien Kieran acknowledged that the organization had made a blunder and said that it had made changes so all episodes following this have been accounted for to the DPC in an opportune style.
“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur,” he said. “We appreciate the clarity this decision brings for companies and consumers around the GDPR’s breach notification requirements. Our approach to these incidents will remain one of transparency and openness.”
The Twitter case was one of different examinations including Silicon Valley tech monsters that the Irish controller is as of now settling on choices on. Each case could bring about a fine of up to 4% of an organization’s worldwide income or 20 million euros ($22 million), or even a request that would require the business to incidentally or forever quit gathering and handling the information of European residents.
Next up to find out about a fine will probably be WhatsApp, against which the DPC additionally gave a starter choice on back in May.