Twitter has been slapped with a fine over a bug that made private tweets appear public. This marks the first-ever sanction against a cross-border firm after the new GDPR dispute resolution mechanism. What’s more surprising is that the bug had occurred in early 2019.
As Reuters reports, Ireland’s DPC(Data Protection Commission) has imposed a fine of 450,000 euros ($547,000) on Twitter. Besides, this is a result of a 2019 investigation according to which Twitter violates Article 33(1) and 33(5) of the GDPR. Precisely, some of the users’ private protected tweets became public due to an Android App bug.
This doesn’t go well with the DPC as GDPR law requires a company to notify the breach of privacy on time(within 72 hours) and document it properly(scope of vulnerable data, security measures, etc.,). However, Twitter has responded to this saying that it occurred due to an “unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day”.
EDITOR’S PICK: Elon Musk, Barack Obama, Bill Gates, among others affected by the Biggest Twitter Hack in recent history
For the unware, GDPR is Europe’s General Data Protection Regulation. Made in 2016, the new law is in force since May 2018. Its scope widens to the European Union and the European Economic Area. DPC, on the other hand, is a lead privacy supervisor for many tech giants including Apple, Twitter, Facebook, Google in the EU region.
The Irish watchdog already has a total of 20+ cases pending so far. Generally, it has the power to impose a fine up to 4% of a company’s global revenue or €20 million, whichever is higher. Plus, the new sanction is the first against a US firm after the new Dispute resolution system as mentioned above.
Accordingly, it empowers a national regulator to make a decision before consulting with other regulators of the EU. Anyway, Twitter’s response to the final ruling also says that it is fully responsible for this mistake and remains fully committed to protecting the privacy and data of our customers.
