Twitter issued $547,000 GDPR fine by Irish regulator in landmark decision – CNET [CNET]

Ireland’s privacy watchdog issued Twitter with a fine of 450,000 euros ($547,000) over GDPR violations on Tuesday. The fine is the result of a landmark decision from the regulator to penalize the social platform for violating Europe’s strict data protection law, which is likely the first of several that will target tech giants in the coming months and years.

The fine follows a preliminary decision issued back in May by Ireland’s Data Protection Commission (DPC), which acts as the lead regulator on behalf of the entire EU for several tech giants that have their European HQs in Ireland. In a press release the DPC described the fine as “an effective, proportionate and dissuasive measure.”

Twitter received the fine because back in December 2018 it suffered a breach, and didn’t report quickly enough to the DPC (under GDPR, companies are required to report any breaches to their lead regulator within a 72-hour statutory notice period). According to Twitter, the delay in informing the DPC was “an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day.”

In a statement on Tuesday, Twitter’s Chief Privacy Officer and Global Data Protection Officer Damien Kieran accepted that the company had made an error and said that the company had made changes so that all incidents following this have been reported to the DPC in a timely fashion.

“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur,” he said. “We appreciate the clarity this decision brings for companies and consumers around the GDPR’s breach notification requirements. Our approach to these incidents will remain one of transparency and openness.”

The Twitter case was one of multiple investigations involving Silicon Valley tech giants that the Irish regulator is currently making decisions on. Each case could result in a fine of up to 4% of a company’s global revenue or 20 million euros ($22 million), or even an order that would require the business to temporarily or permanently stop collecting and processing the data of European citizens.

Next up to hear about a fine will likely be WhatsApp, which the DPC also issued a preliminary decision on back in May.